ClawHub

WP Multitool — WordPress Optimization Toolkit

v1.1.19-2

WordPress site health audit, performance optimization, database cleanup, autoload tuning, slow query detection, wp-config management, image size control, fro...

2· 2.6k·1 current·1 all-time
byMarcin Dudek@marcindudekdev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill requires only the wp (WP-CLI) binary and declares read/write operations appropriate for a WordPress optimization toolkit (db cleanup, config changes, frontend option tweaks). Required binaries, declared permissions, and feature set align with the stated purpose.
Instruction Scope
SKILL.md differentiates read-only diagnostics from destructive 'Quick Fixes' and requires user confirmation for writes; it explicitly forbids wp eval and reading sensitive config values. However, these are declarative safeguards in prose — the agent executing shell commands could still run arbitrary commands if misused. Reviewers should treat the safeguards as guidance rather than an enforced policy.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes install-time risk because nothing is downloaded or written by the skill itself; it relies on an existing WP-CLI binary.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The write operations that would modify files or DB are reasonable for the stated functionality; required access (shell/SSH and WP-CLI on the target site) is proportional.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It declares requires_user_confirmation for destructive ops. Autonomous invocation remains possible (platform default), so user confirmation relies on platform enforcement.
Assessment
This skill is coherent with its purpose, but it executes WP-CLI on your environment so treat it like a local admin tool: (1) verify WP-CLI is installed on a trusted host and run the read-only diagnostics first, (2) always take a full DB and file backup (wp db export + filesystem snapshot) before allowing any write operations, (3) confirm the platform enforces the declared 'requires_user_confirmation' behavior before permitting destructive commands, (4) inspect or obtain the plugin code from the vendor (wpmultitool.com) before installing a paid plugin, and (5) never run the write commands on a production site without a rollback plan. The SKILL.md's safeguards (no wp eval, no reading DB_PASSWORD, etc.) are good practice but are not technically enforced by the skill itself — proceed only if you trust the agent/runtime that will execute the commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk972gneccazpyd67v5hwgmgjvn84k6qe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔧 Clawdis
Binswp

Comments