Tools / Jul 16, 2026 / 3 min read / By Marcin Dudek

How to make your AI agent use WP Multitool

Point your agent at two things: the wp multitool CLI and the ClawHub skill file. Both already exist. Here is how to wire them up, and which commands are safe to run unattended.

If you want your AI agent to work on a WordPress site with WP Multitool, there are two things to point it at: the WP-CLI command, and the skill file. Both already exist. Here's how to wire them up.

The CLI is the interface

WP Multitool registers one WP-CLI command with 14 subcommands. If your agent has shell access and WP-CLI, it can already drive all of it:

wp multitool quickstart    # scan everything, ranked worst-first
wp multitool autoload      # what's bloating your autoloaded options
wp multitool clean         # revisions, transients, orphaned meta
wp multitool db-health     # table sizes, overhead, engine checks
wp multitool debug-log     # size, growth, top offenders
wp multitool doctor        # host/config misconfiguration checks
wp multitool frontend      # emoji scripts, embeds, jQuery migrate
wp multitool health        # environment snapshot: PHP, memory, opcache, db size
wp multitool healthcheck   # pass/fail on autoload size + object cache
wp multitool image         # image sizes and regeneration
wp multitool license       # license status
wp multitool modules       # list/enable/disable modules
wp multitool slow-queries  # captured slow queries + EXPLAIN
wp multitool status        # every module, on or off

12 of the 14 take --format=json. The two that don't, clean and image, are actions rather than reports.

That flag is the thing that makes this work for an agent. Every finding comes back with a severity, a why in plain English, a data block with the raw values, and a fix. The agent reads severity and decides. It doesn't have to parse a table or interpret "OPcache: warning".

$ wp multitool doctor --format=json | jq '.checks.object_cache'
{
  "severity": "info",
  "why": "No persistent object cache drop-in (using DB-backed cache only)",
  "data": { "recommended": "redis", "plugin": "Redis Object Cache" },
  "fix": { "type": "guided", "detail": "..." }
}

The output is compact, so pipe it through jq when you want to read it yourself.

Give it a loop that terminates

Every scan returns a summary block: {"ok": 2, "info": 3, "warn": 0, "critical": 0}. That's your termination condition. Scan, fix the criticals, scan again, stop when the count hits zero.

# 1. scan everything
wp multitool quickstart --format=json

# 2. drill into whatever came back hot
wp multitool autoload --format=json
wp multitool slow-queries list --format=json

# 3. fix the specific thing, with a guard
wp db export backup.sql
wp multitool clean revisions --keep=5 --yes

# 4. scan again, confirm the count moved
wp multitool quickstart --format=json

Step 4 is the one people skip. The agent checks its own work against the same instrument it started with, so "did that help?" has an answer instead of a guess.

One thing worth knowing: doctor downgrades severities when it detects a non-production host, and tells you so with "is_nonprod": true. A staging site shouting CRITICAL about a missing page cache is noise, and an agent acting on that noise wastes your time.

The ClawHub skill

If your agent runs on OpenClaw or ClawHub, there's a skill file that hands it all of the above, plus the part it can't infer: which commands are safe.

openclaw skills install @marcindudekdev/wp-multi-tool

It ships with the plugin too, at docs/wp-multitool-skill/SKILL.md, so you can read it before you install anything.

The useful part is the autonomy split. The read commands - quickstart, status, health, db-health, autoload, slow-queries, frontend - are marked safe to run without asking. Six things are marked always-confirm: wp multitool clean, wp multitool frontend enable-all, and the core WP-CLI commands the skill pairs them with (wp transient delete, wp post delete --force, wp db optimize, wp config set). For any of them it tells the agent to recommend wp db export first. The skill's metadata declares the same thing machine-readably, so a host that reads permissions gets it without parsing prose.

I wrote that down because an agent shouldn't have to infer from a command name whether something is destructive. clean sounds harmless. It permanently deletes post revisions.

The read-only diagnostics in that skill are plain WP-CLI and SQL, so they work on any WordPress 5.8+ site, with or without the plugin. The wp multitool subcommands need it installed.

If you wire an agent up this way and it breaks somewhere, I'd like to hear where.

Find what is slowing your WordPress

WP Multitool - 19 modules, from $79/year, zero bloat.

Get WP Multitool

Built by Marcin Dudek.