ClawHub

WordPress Expert

v1.0.12

Enable WordPress superpowers for OpenClaw. Your Developer, Content Manager, Author, Security Specialists, Contributor, Subscriber and Admin and more.

0· 187·0 current·0 all-time
by@realm1lf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (WordPress Expert) match the declared requirements: site URL, WordPress user, application password, and either 'wp' or 'curl' for REST/CLI fallbacks. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines the agent to WordPress tasks (REST, WP‑CLI, plugin/theme files) and explicitly warns about secrets and destructive actions. It also instructs installing a companion plugin and an optional MU plugin on the WordPress server; these are outside the skill bundle and should be audited before installation. Overall scope is reasonable for the stated purpose but depends on a separate plugin for safer tooling.
Install Mechanism
The skill itself is instruction-only (no install spec), so it writes nothing to disk. It recommends cloning and installing the companion plugin from a public GitHub repo (github.com/realM1lF/openclaw-wordpress-tool) and running npm install / openclaw plugins install. Using a GitHub repo is a common pattern but represents a supply‑chain step the operator must review prior to npm install or enabling the plugin.
Credentials
The three required env vars (WORDPRESS_SITE_URL, WORDPRESS_USER, WORDPRESS_APPLICATION_PASSWORD) are exactly what a REST-based WordPress integration needs. Optional WORDPRESS_PATH is documented for WP-CLI use. No extraneous secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not 'always' forced in every agent run and uses default autonomous invocation. It does not request system-wide configuration changes itself; it instructs the operator how to enable plugin tools and update openclaw.json which is standard for OpenClaw integrations. This is proportionate, but you should be mindful that enabling the companion plugin + broad tools.allow increases agent capabilities.
Assessment
This skill is internally consistent and appears to be what it says: a WordPress management guide for OpenClaw that can use REST, WP‑CLI, or an optional companion plugin for safer tooling. Before installing or enabling anything: 1) Do NOT paste application passwords into chat or commit them to Git—store them in environment or openclaw.json only. 2) Review the companion plugin repository (github.com/realM1lF/openclaw-wordpress-tool) and any MU plugin PHP source before running npm install or copying files to wp-content/mu-plugins — treat this as a third‑party package. 3) Use a least‑privilege WordPress account (or staging) when granting access. 4) Carefully configure tools.allow / sandbox policies so only the minimal wordpress-site-tools entries are permitted; avoid broad WP‑CLI allowlists on production. 5) Verify that the ClawHub/registry bundle did not silently omit or mutate required server-side PHP (the README warns that packaged text bundles may omit binary/.php files); clone the full repo for the mu-plugin if you intend to deploy it. If you need help reviewing the companion plugin code or deciding a safe allowlist for WP‑CLI, get that code inspected before enabling it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bakfhcb5g2v5jybqvdzyjm583ddjz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binwp, curl
EnvWORDPRESS_SITE_URL, WORDPRESS_USER, WORDPRESS_APPLICATION_PASSWORD

Comments