← Back to Skills Marketplace
codedao12

Wordpress REST API

by codedao12 · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
5192
Downloads
7
Stars
24
Active Installs
1
Versions
Install in OpenClaw
/install wordpress
Description
OpenClaw skill that provides a WordPress REST API CLI for posts, pages, categories, tags, users, and custom requests using plain HTTP.
README (SKILL.md)

WordPress REST API Skill (Advanced)

Purpose

Provide a production-ready CLI for WordPress REST API automation. This skill focuses on content workflows (posts/pages), taxonomy (categories/tags), user reads, and safe custom requests without external HTTP libraries.

Best fit

  • You want a stable CLI for automation and bot workflows.
  • You need JSON-in/JSON-out for pipelines.
  • You prefer simple HTTP with no extra dependencies.

Not a fit

  • You must handle OAuth flows or complex browser-based auth.
  • You need advanced media uploads (multipart streaming).

Requirements

  • Node.js 18+ (for native fetch).

One-time setup

  1. Enable the WordPress REST API (default in modern WordPress).
  2. Create an Application Password for a WordPress user.
  3. Confirm the user has the right role (e.g., Editor/Admin).

Install

cd wordpress
npm install

Run

node scripts/wp-cli.js help
node scripts/wp-cli.js posts:list --query per_page=5
node scripts/wp-cli.js posts:create '@post.json'

You can also use npm:

npm run wp -- posts:list --query per_page=5

Credentials

Supported options (first match wins):

  • Basic auth token: WP_BASIC_TOKEN (base64 of user:app_password)
  • User + app password: WP_USER + WP_APP_PASSWORD
  • JWT bearer token: WP_JWT_TOKEN

Required env

  • WP_BASE_URL (e.g., https://example.com)

Input conventions

  • JSON can be inline or loaded from file with @path.
  • Query params use --query key=value (repeatable) or --query key1=value1,key2=value2.

Command map (high level)

Posts:

  • posts:list, posts:get, posts:create, posts:update, posts:delete

Pages:

  • pages:list, pages:get, pages:create, pages:update, pages:delete

Taxonomy:

  • categories:list, categories:create
  • tags:list, tags:create

Users:

  • users:list, users:get

Advanced:

  • request (raw method + path)

Operational guidance

  • Prefer context=view for read-only list calls.
  • Use status=draft when staging content.
  • Implement retries for 429 and transient 5xx errors in orchestrators.

Expected output

  • JSON to stdout; non-zero exit code on errors.

Security notes

  • Never log or commit tokens or application passwords.
  • Use a dedicated low-privilege WordPress account where possible.
Usage Guidance
Install only if you want an agent to operate a WordPress site through the REST API. Configure WP_BASE_URL to the intended HTTPS site, use a dedicated low-privilege WordPress application password, avoid passing sensitive local files with @file, and require explicit approval before create, update, delete, publish, or raw request commands.
Capability Analysis
Type: OpenClaw Skill Name: wordpress Version: 1.0.0 The skill is classified as suspicious due to its ability to read arbitrary local files and send their content as JSON payloads to the configured WordPress API. Specifically, the `jsonFromArg` function in `scripts/wp-cli.js` uses `fs.readFileSync` on user-provided file paths (prefixed with '@'), which could be exploited by a compromised agent or malicious user to read sensitive files (e.g., `/etc/passwd`, SSH keys) and exfiltrate them via the WordPress API. Additionally, the `request` command allows arbitrary HTTP methods and paths relative to the WordPress API root, granting broad control over the target WordPress instance.
Capability Assessment
Purpose & Capability
The ability to list, create, update, and delete WordPress posts/pages and create taxonomy terms matches the stated WordPress REST API automation purpose. The high-impact content mutation capability is disclosed and expected.
Instruction Scope
Commands are explicit in the documentation, including JSON input via @file and an advanced raw request command. The raw request path is broad within the WordPress REST API, so it should only be used for clearly user-directed operations.
Install Mechanism
The package defines local Node.js script aliases and has no external npm dependencies, remote installer, hidden downloads, or automatic startup behavior.
Credentials
The skill reads WP_BASE_URL and optional WordPress auth environment variables, which is proportionate for a WordPress API integration and disclosed in SKILL.md and env_example.md.
Persistence & Privilege
No persistence, background worker, or privilege escalation is shown. Effective authority depends on the WordPress account or token supplied, which may allow publishing, editing, deleting, or user reads.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wordpress
  3. After installation, invoke the skill by name or use /wordpress
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the WordPress REST API CLI skill. - Provides a simple CLI for automating WordPress post, page, taxonomy, and user management via the REST API. - Supports JSON-in/JSON-out workflows with minimal dependencies (only native HTTP). - Credentials can be supplied via environment variables for Basic, App Password, or JWT authentication. - Allows advanced custom requests and input via file or command line. - Installation and setup require Node.js 18+ and WordPress REST API/application passwords. - Includes operational guidance and security best practices in documentation.
Metadata
Slug wordpress
Version 1.0.0
License
All-time Installs 24
Active Installs 24
Total Versions 1
Frequently Asked Questions

What is Wordpress REST API?

OpenClaw skill that provides a WordPress REST API CLI for posts, pages, categories, tags, users, and custom requests using plain HTTP. It is an AI Agent Skill for Claude Code / OpenClaw, with 5192 downloads so far.

How do I install Wordpress REST API?

Run "/install wordpress" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wordpress REST API free?

Yes, Wordpress REST API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Wordpress REST API support?

Wordpress REST API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wordpress REST API?

It is built and maintained by codedao12 (@codedao12); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments