← Back to Skills Marketplace

WordPress REST API

Name: WordPress REST API
Author: matthewxmurphy

by Matthew Murphy · GitHub ↗ · v0.6.0

cross-platform ✓ Security Clean

594

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install wordpress-rest-api

Description

Work with the WordPress REST API for route discovery, authentication, reads and writes, core endpoint selection, and custom namespace inspection. Use when a...

Usage Guidance

This skill appears to do what it says: discover and inspect WordPress /wp-json routes. Before installing or running it, verify the agent environment has curl and python3 available (the script relies on them). Do not pass long-lived credentials directly on the command line — prefer temporary application passwords and a secure secret manager; the script currently accepts --app-password which can expose secrets via process listings. Be aware the script follows redirects and will make HTTP requests to any provided URL, so running it from an agent with network access can be used to probe internal services; only run it in environments you trust. If you plan to use this in production, consider hardening the script to read passwords from stdin or a protected file/socket and to optionally disable following redirects.

Capability Analysis

Type: OpenClaw Skill Name: wordpress-rest-api Version: 0.6.0 The skill bundle provides a legitimate set of tools and documentation for interacting with the WordPress REST API. The primary script, `scripts/inspect-rest-api.sh`, uses `curl` and a Python helper to discover routes and inspect endpoints, restricted to safe HTTP methods (GET and OPTIONS). The documentation in `SKILL.md` and the `references/` directory correctly guides the agent on authentication and discovery workflows without any evidence of malicious intent, data exfiltration, or prompt injection.

Capability Assessment

ℹ Purpose & Capability

The skill is an inspector for WordPress REST routes and includes reference docs and a discovery script that performs HTTP GET/OPTIONS against /wp-json. That matches the name and description. One mismatch: the skill declares no required binaries or environment variables, yet the provided script clearly requires curl and python3 (and mktemp), so the metadata is incomplete.

✓ Instruction Scope

SKILL.md restricts scope to REST discovery, auth model selection, and inspecting routes. The included script only fetches and prints/parses responses from the target site (GET or OPTIONS), lists namespaces/routes, and pretty-prints JSON. It does not attempt to read unrelated local files or contact third-party endpoints. Caveats: the script follows redirects (--location) and will perform arbitrary HTTP requests to any supplied URL, so if run in an environment with internal network access it can probe internal services. Also, credentials passed on the command line may be visible to other local processes via process lists.

✓ Install Mechanism

There is no install spec (instruction-only plus a script). Nothing is downloaded or written by an installer; the only file that runs is the included shell script. This is the lowest-risk install model.

ℹ Credentials

The skill does not request any environment variables, credentials, or config paths in metadata, which is proportionate to an inspector. However, the script accepts --user and --app-password arguments for Basic Auth; passing credentials on the command line can leak them via process listings. The skill correctly documents application passwords as a legitimate auth model and warns not to embed long-lived credentials in the repo.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills or system-wide agent settings, and is user-invocable only. It retains no privileged persistence.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install wordpress-rest-api
After installation, invoke the skill by name or use /wordpress-rest-api
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.6.0

# wordpress-rest-api 0.6.0 - Added ClawHub card emoji metadata. - No behavior change; this is a presentation and registry metadata update.

v0.5.0

# wordpress-rest-api 0.5.0 - First public release. - Adds live `/wp-json` route discovery, auth guidance, and route inspection support for WordPress REST work.

Metadata

Slug wordpress-rest-api

Version 0.6.0

License —

All-time Installs 8

Active Installs 7

Total Versions 2

Frequently Asked Questions

What is WordPress REST API?

Work with the WordPress REST API for route discovery, authentication, reads and writes, core endpoint selection, and custom namespace inspection. Use when a... It is an AI Agent Skill for Claude Code / OpenClaw, with 594 downloads so far.

How do I install WordPress REST API?

Run "/install wordpress-rest-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is WordPress REST API free?

Yes, WordPress REST API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does WordPress REST API support?

WordPress REST API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created WordPress REST API?

It is built and maintained by Matthew Murphy (@matthewxmurphy); the current version is v0.6.0.

More Skills