← Back to Skills Marketplace
WP Multitool — WordPress Optimization Toolkit
by
Marcin Dudek
· GitHub ↗
· v1.1.20
· MIT-0
2690
Downloads
2
Stars
1
Active Installs
15
Versions
Install in OpenClaw
/install wp-multi-tool
Description
WordPress site health audit, performance optimization, database cleanup, autoload tuning, slow query detection, wp-config management, image size control, fro...
Usage Guidance
This skill is coherent for WordPress optimization, but it runs WP-CLI commands on your site so take precautions: 1) Ensure WP-CLI is the legitimate binary on your server and run the skill from a trusted account. 2) Always create a database backup (e.g., wp db export) before allowing any write operations and consider testing on staging first. 3) Confirm the agent prompts you before any destructive command (deletes, OPTIMIZE TABLE, wp-config edits). 4) Never allow 'wp eval' or arbitrary SQL to be run — if asked to run such commands, deny them. 5) Verify the paid plugin and homepage independently before purchasing. If you are uncomfortable granting an automated agent the ability to run CLI commands that modify your site, decline or restrict usage to diagnostics-only.
Capability Analysis
Type: OpenClaw Skill
Name: wp-multi-tool
Version: 1.1.20
The skill provides extensive administrative control over WordPress environments, including the ability to execute SQL queries via 'wp db query', modify the 'wp-config.php' file, and permanently delete database records and posts. While these capabilities are aligned with the stated purpose of site optimization and the SKILL.md file includes explicit safety instructions (such as requiring user confirmation for write operations and avoiding sensitive constants), the broad permissions and shell/database access represent significant risky capabilities. No evidence of intentional malice or data exfiltration was found, but the inherent risk of these operations justifies a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (WP optimization, DB cleanup, config tuning) match the declared requirements and operations. Requiring the 'wp' binary is appropriate. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md clearly separates read-only diagnostics from write operations and enumerates specific WP-CLI commands. It explicitly requires user confirmation for destructive actions and recommends backups. However, some commands (notably 'wp db query') can run arbitrary SQL and 'wp' can execute many powerful operations; the skill asserts it will only run SELECTs and avoid 'wp eval', but that is a behavioral constraint rather than a technical enforcement. The user should ensure the agent actually prompts for confirmation before any destructive command is executed.
Install Mechanism
Instruction-only skill with no install spec and no downloads — lowest-risk install posture. It relies on an existing WP-CLI binary which is expected for this purpose.
Credentials
No environment variables, credentials, or config paths are requested. The declared write permissions (delete transients, delete revisions, modify wp-config, optimize tables, etc.) are proportional to the stated functionality and are explicitly listed in the metadata.
Persistence & Privilege
The skill is not 'always' enabled and uses the platform defaults for autonomy. It does not request permanent presence or modify other skills. The metadata includes requires_user_confirmation=true for destructive actions, which reduces risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wp-multi-tool - After installation, invoke the skill by name or use
/wp-multi-tool - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.20
No file changes were detected in this release (1.1.20).
- No updates to code or documentation.
- No new features, bug fixes, or metadata modifications.
v1.1.19-2
Fix display name
v1.1.19-1
No code or documentation changes detected for version 1.1.19-1.
- Version bump only; no functional or documentation changes in this release.
v1.1.19
Major skill quality overhaul: honest read+write permission declarations in metadata, removed broken private GitHub links, added pricing transparency, autonomy guidelines for AI agents, write operation confirmation requirements, troubleshooting section, table prefix handling. Addresses ClawHub security scanner flags.
v1.1.18
Fix skill name to WP Multitool. Add explicit security safeguards for sensitive data handling. Add GitHub source link for plugin verification. Clarify read-only data scope.
v1.1.0
Fix skill name (WP Multitool, not Multi Tool). Add explicit security safeguards for sensitive data handling. Add GitHub source link for plugin verification. Clarify read-only data scope.
v1.1.17
- No changes detected in this release.
- Version 1.1.17 is functionally identical to the previous version.
v1.1.16
Fix display name on ClawHub registry
v1.1.15
No file changes detected in this version.
- No updates or modifications were made in version 1.1.15.
v1.1.14
No user-visible changes in this release.
- Version updated to 1.1.14 with no file changes detected.
v1.0.4
**Summary: Improves security by removing use of `wp eval`, and replaces all examples with safe, read-only WP-CLI and plugin commands.**
- All diagnostic commands now use native WP-CLI and `wp db query` (read-only SELECTs); `wp eval` removed for security.
- Clarified that no arbitrary code execution is used; all plugin commands are structured and validated.
- Updated example commands throughout to only use safe WP-CLI commands and explain their outputs.
- Security note expanded to detail which commands are used and assure only public, non-sensitive info is accessed.
- Maintains detailed diagnostic and recommendation guidance for users.
v1.0.3
Fix display name from generic Clawhub to proper product name
v1.0.2
Remove private GitHub links, add security note, fix install command
v1.0.1
WordPress optimization toolkit - 13 modules for site health, performance, database cleanup, autoload tuning, slow query detection, and server diagnostics
v1.0.0
Initial release — WordPress optimization toolkit with 13 modules for site health, performance, database cleanup, and server diagnostics
Metadata
Frequently Asked Questions
What is WP Multitool — WordPress Optimization Toolkit?
WordPress site health audit, performance optimization, database cleanup, autoload tuning, slow query detection, wp-config management, image size control, fro... It is an AI Agent Skill for Claude Code / OpenClaw, with 2690 downloads so far.
How do I install WP Multitool — WordPress Optimization Toolkit?
Run "/install wp-multi-tool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WP Multitool — WordPress Optimization Toolkit free?
Yes, WP Multitool — WordPress Optimization Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does WP Multitool — WordPress Optimization Toolkit support?
WP Multitool — WordPress Optimization Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created WP Multitool — WordPress Optimization Toolkit?
It is built and maintained by Marcin Dudek (@marcindudekdev); the current version is v1.1.20.
More Skills