If you want your AI agent to work on a WordPress site with WP Multitool, there are two things to point it at: the WP-CLI command, and the skill file. Both already exist. Here's how to wire them up.
The CLI is the interface
WP Multitool registers one WP-CLI command with 14 subcommands. If your agent has shell access and WP-CLI, it can already drive all of it:
wp multitool quickstart # scan everything, ranked worst-first
wp multitool autoload # what's bloating your autoloaded options
wp multitool clean # revisions, transients, orphaned meta
wp multitool db-health # table sizes, overhead, engine checks
wp multitool debug-log # size, growth, top offenders
wp multitool doctor # host/config misconfiguration checks
wp multitool frontend # emoji scripts, embeds, jQuery migrate
wp multitool health # environment snapshot: PHP, memory, opcache, db size
wp multitool healthcheck # pass/fail on autoload size + object cache
wp multitool image # image sizes and regeneration
wp multitool license # license status
wp multitool modules # list/enable/disable modules
wp multitool slow-queries # captured slow queries + EXPLAIN
wp multitool status # every module, on or off
12 of the 14 take --format=json. The two that don't, clean and image, are actions rather than reports.
That flag is the thing that makes this work for an agent. Every finding comes back with a severity, a why in plain English, a data block with the raw values, and a fix. The agent reads severity and decides. It doesn't have to parse a table or interpret "OPcache: warning".
$ wp multitool doctor --format=json | jq '.checks.object_cache'
{
"severity": "info",
"why": "No persistent object cache drop-in (using DB-backed cache only)",
"data": { "recommended": "redis", "plugin": "Redis Object Cache" },
"fix": { "type": "guided", "detail": "..." }
}
The output is compact, so pipe it through jq when you want to read it yourself.
Give it a loop that terminates
Every scan returns a summary block: {"ok": 2, "info": 3, "warn": 0, "critical": 0}. That's your termination condition. Scan, fix the criticals, scan again, stop when the count hits zero.
# 1. scan everything
wp multitool quickstart --format=json
# 2. drill into whatever came back hot
wp multitool autoload --format=json
wp multitool slow-queries list --format=json
# 3. fix the specific thing, with a guard
wp db export backup.sql
wp multitool clean revisions --keep=5 --yes
# 4. scan again, confirm the count moved
wp multitool quickstart --format=json
Step 4 is the one people skip. The agent checks its own work against the same instrument it started with, so "did that help?" has an answer instead of a guess.
One thing worth knowing: doctor downgrades severities when it detects a non-production host, and tells you so with "is_nonprod": true. A staging site shouting CRITICAL about a missing page cache is noise, and an agent acting on that noise wastes your time.
The ClawHub skill
If your agent runs on OpenClaw or ClawHub, there's a skill file that hands it all of the above, plus the part it can't infer: which commands are safe.
openclaw skills install @marcindudekdev/wp-multi-tool
It ships with the plugin too, at docs/wp-multitool-skill/SKILL.md, so you can read it before you install anything.
The useful part is the autonomy split. The read commands - quickstart, status, health, db-health, autoload, slow-queries, frontend - are marked safe to run without asking. Six things are marked always-confirm: wp multitool clean, wp multitool frontend enable-all, and the core WP-CLI commands the skill pairs them with (wp transient delete, wp post delete --force, wp db optimize, wp config set). For any of them it tells the agent to recommend wp db export first. The skill's metadata declares the same thing machine-readably, so a host that reads permissions gets it without parsing prose.
I wrote that down because an agent shouldn't have to infer from a command name whether something is destructive. clean sounds harmless. It permanently deletes post revisions.
The read-only diagnostics in that skill are plain WP-CLI and SQL, so they work on any WordPress 5.8+ site, with or without the plugin. The wp multitool subcommands need it installed.
If you wire an agent up this way and it breaks somewhere, I'd like to hear where.