ClawHub

WordPress Expert

v1.0.12

Enable WordPress superpowers for OpenClaw. Your Developer, Content Manager, Author, Security Specialists, Contributor, Subscriber and Admin and more.

0· 309·0 current·0 all-time
by@realm1lf

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for realm1lf/wordpress-expert.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "WordPress Expert" (realm1lf/wordpress-expert) from ClawHub.
Skill page: https://clawhub.ai/realm1lf/wordpress-expert
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: WORDPRESS_SITE_URL, WORDPRESS_USER, WORDPRESS_APPLICATION_PASSWORD
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wordpress-expert

ClawHub CLI

Package manager switcher

npx clawhub@latest install wordpress-expert
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (WordPress Expert) match the declared requirements: site URL, WordPress user, application password, and either 'wp' or 'curl' for REST/CLI fallbacks. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines the agent to WordPress tasks (REST, WP‑CLI, plugin/theme files) and explicitly warns about secrets and destructive actions. It also instructs installing a companion plugin and an optional MU plugin on the WordPress server; these are outside the skill bundle and should be audited before installation. Overall scope is reasonable for the stated purpose but depends on a separate plugin for safer tooling.
Install Mechanism
The skill itself is instruction-only (no install spec), so it writes nothing to disk. It recommends cloning and installing the companion plugin from a public GitHub repo (github.com/realM1lF/openclaw-wordpress-tool) and running npm install / openclaw plugins install. Using a GitHub repo is a common pattern but represents a supply‑chain step the operator must review prior to npm install or enabling the plugin.
Credentials
The three required env vars (WORDPRESS_SITE_URL, WORDPRESS_USER, WORDPRESS_APPLICATION_PASSWORD) are exactly what a REST-based WordPress integration needs. Optional WORDPRESS_PATH is documented for WP-CLI use. No extraneous secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not 'always' forced in every agent run and uses default autonomous invocation. It does not request system-wide configuration changes itself; it instructs the operator how to enable plugin tools and update openclaw.json which is standard for OpenClaw integrations. This is proportionate, but you should be mindful that enabling the companion plugin + broad tools.allow increases agent capabilities.
Assessment
This skill is internally consistent and appears to be what it says: a WordPress management guide for OpenClaw that can use REST, WP‑CLI, or an optional companion plugin for safer tooling. Before installing or enabling anything: 1) Do NOT paste application passwords into chat or commit them to Git—store them in environment or openclaw.json only. 2) Review the companion plugin repository (github.com/realM1lF/openclaw-wordpress-tool) and any MU plugin PHP source before running npm install or copying files to wp-content/mu-plugins — treat this as a third‑party package. 3) Use a least‑privilege WordPress account (or staging) when granting access. 4) Carefully configure tools.allow / sandbox policies so only the minimal wordpress-site-tools entries are permitted; avoid broad WP‑CLI allowlists on production. 5) Verify that the ClawHub/registry bundle did not silently omit or mutate required server-side PHP (the README warns that packaged text bundles may omit binary/.php files); clone the full repo for the mu-plugin if you intend to deploy it. If you need help reviewing the companion plugin code or deciding a safe allowlist for WP‑CLI, get that code inspected before enabling it in production.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Any binwp, curl
EnvWORDPRESS_SITE_URL, WORDPRESS_USER, WORDPRESS_APPLICATION_PASSWORD
latestvk97bakfhcb5g2v5jybqvdzyjm583ddjz
309downloads
0stars
6versions
Updated 1mo ago
v1.0.12
MIT-0
@realm1lf
latest
Download

WordPress Expert: User Guide

What This Skill Is

This skill equips your OpenClaw agent with the necessary instructions and checklists to manage your existing WordPress website. It empowers the AI to perform tasks related to content, settings, media, plugins, themes, and extensions like WooCommerce or Elementor.

The AI typically communicates with your site via secure web interfaces (HTTPS/REST). If configured accordingly, it can also work directly via the terminal (WP-CLI) or at the file level.

Urgent Recommendation: The Companion Plugin

For the AI to work precisely and safely, you should install the companion plugin wordpress-site-tools on the computer/server where your OpenClaw gateway runs: github.com/realM1lF/openclaw-wordpress-tool.

  • Why? This plugin provides typed tools (e.g. wordpress_rest_request, wordpress_wp_cli, wordpress_connection_check, optional media and plugin file access).
  • Benefit: Clearer, easier to audit, and easier to allowlist than ad-hoc exec/curl. Without it, the skill still documents fallbacks—more manual and error-prone.

Installation Steps (Typical Flow)

On your OpenClaw gateway machine:

  1. Install the skill (e.g. ClawHub or skills/wordpress-expert in the workspace).
  2. Clone the wordpress-site-tools repo, run npm install, then openclaw plugins install / enable (see plugin README).
  3. Grant tools: Add WordPress tools to tools.allow in openclaw.json.
  4. Environment variables: Set the three required variables below (host env or skills.entries["wordpress-expert"].env). Optional: WORDPRESS_PATH if you use WP-CLI or wordpress_plugin_files—see {baseDir}/references/CONNECTING.md.
  5. openclaw gateway restart after plugin, allowlist, or env changes.

Full detail: {baseDir}/README.md, {baseDir}/references/CONNECTING.md, {baseDir}/references/PRE_INSTALL_AND_TRUST.md.

What You Can Expect from the AI

  • Everyday tasks: e.g. “Create a draft post” or “Upload an image” via REST—with wordpress-site-tools, prefer wordpress_rest_request and related tools.
  • Advanced tasks: WP-CLI or plugin file edits need WORDPRESS_PATH, narrow allowlists, and explicit configuration—see {baseDir}/references/CONNECTING.md and {baseDir}/references/WPCLI_PRESETS.md.
  • Security: The AI is not an omnipotent admin by default; use staging, least-privilege users, and approval for destructive work. The AI should use fresh tool/API data, not guesses.

Required Setup (Environment Variables)

These three are required (see metadata.openclaw.requires):

  1. WORDPRESS_SITE_URL — Base URL of the site (HTTPS, no trailing slash), e.g. https://yoursite.com.
  2. WORDPRESS_USER — WordPress username for the application password.
  3. WORDPRESS_APPLICATION_PASSWORD — From Users → Profile → Application Passwords in WordPress (not the login password). Store in env/config, never in chat or Git.

Optional: WORDPRESS_PATH — Directory on the gateway where wp runs, if you use WP-CLI or plugin file tools. Details: {baseDir}/references/AUTH.md, {baseDir}/references/CONNECTING.md.

Important Rules for People and the AI

  • No secrets in chat or Git — see {baseDir}/references/AUTH.md.
  • Deeper topics load from {baseDir}/references/ as needed (progressive disclosure).

When the agent should use this skill

Use for WordPress-related work: content, media, plugins, themes, WooCommerce, Elementor, REST, code under wp-content. Do not use for unrelated tasks.

Load {baseDir}/references/ files when the task matches (examples: CONNECTING.md, PLUGIN_DEV_PLAYBOOK.md, DOMAIN.md, WOOCOMMERCE.md, ELEMENTOR.md, BLOCK_EDITOR.md, THEME_AND_TEMPLATES.md, PERFORMANCE_AND_SECURITY.md, SAFETY.md, WORKFLOWS.md). Full index: {baseDir}/references/OVERVIEW.md.

Rules for the assistant (summary)

  1. Use fresh data from tools/API before writes; do not invent site state.
  2. Never echo secrets; store credentials in host env or openclaw.json skill env—not chat.
  3. Prefer wordpress_rest_request / wordpress_wp_cli / wordpress_connection_check (and related plugin tools) when in tools.allow; see {baseDir}/references/NATIVE_VS_PLUGIN.md and {baseDir}/references/TOOLING.md.
  4. For new site-specific plugin files, prefer the real wp-content/plugins/… tree or wordpress_plugin_files—not the generic OpenClaw workspace by default; see {baseDir}/references/PLUGIN_DEV_PLAYBOOK.md (“Where OpenClaw should write”).
  5. After plugin or tools.allow changes, openclaw gateway restart is usually required—see {baseDir}/references/CONNECTING.md.
  6. Do not patch third-party plugins in place—addon approach in {baseDir}/references/PLUGIN_DEV_PLAYBOOK.md and {baseDir}/references/USER_EXPECTATIONS.md.

Where work runs: On the OpenClaw gateway (REST, shell, browser, workspace). Optional MU helper on the WordPress server is documented under {baseDir}/bundled/mu-plugin/README.md and {baseDir}/references/MU_HELPER.md.

Comments

Loading comments...