Skip to main content
Glama
houtini-ai

Houtini-lm

by houtini-ai
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Local

audit_wordpress_plugin

Analyze WordPress plugins for security vulnerabilities, performance issues, code quality, and dependency management through structured multi-step auditing.

Instructions

Comprehensive WordPress plugin audit - chains multiple analysis steps for security, performance, dependencies, and code quality

WORKFLOW: Perfect for understanding complex code, identifying issues, and technical debt assessment TIP: Use Desktop Commander to read files, then pass content here for analysis SAVES: Claude context for strategic decisions

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
auditDepthNoDepth of audit analysiscomprehensive
auditTypeNoType of audit focusfull-audit
includeStepsNoAnalysis steps to include in audit
maxDepthNoMaximum directory depth for analysis (1-5)
phpVersionNoTarget PHP version for compatibility checks8.0
projectPathYesPath to WordPress plugin root directory
wpVersionNoTarget WordPress version for compatibility checks6.4

Implementation Reference

  • src/prompts/analyze/wordpress-plugin-audit.ts:100-116 (handler)
    Main handler function that orchestrates the WordPress plugin audit execution, including validation, model setup, and chained analysis.
    async execute(params: any, llmClient: any) { return await withSecurity(this, params, llmClient, async (secureParams) => { try { // 1. Validate WordPress plugin structure this.validateWordPressPlugin(secureParams); // 2. Setup model const { model, contextLength } = await ModelSetup.getReadyModel(llmClient); // 3. Execute chained analysis workflow return await this.executeChainedAnalysis(secureParams, llmClient, model, contextLength); } catch (error: any) { return ErrorHandler.createExecutionError('audit_wordpress_plugin', error); } }); }
  • src/prompts/analyze/wordpress-plugin-audit.ts:131-213 (handler)
    Core chained analysis orchestrator that executes multiple sub-tools (structure, dependencies, security, etc.) and synthesizes results.
    private async executeChainedAnalysis(params: any, llmClient: any, model: any, contextLength: number) { const auditSteps = params.includeSteps || ['structure', 'dependencies', 'security', 'database', 'quality']; const results: Record<string, any> = {}; const stepExecutionLog: string[] = []; try { stepExecutionLog.push(`Starting WordPress plugin audit with ${auditSteps.length} steps`); // Step 1: Project Structure Overview if (auditSteps.includes('structure')) { stepExecutionLog.push('Executing: Project structure analysis'); results.structure = await this.runAnalysisStep('count_files', { projectPath: params.projectPath, analysisType: 'comprehensive', maxDepth: params.maxDepth }, llmClient); stepExecutionLog.push(`Structure analysis: ${results.structure.success ? 'SUCCESS' : 'FAILED'}`); } // Step 2: Dependencies Analysis if (auditSteps.includes('dependencies')) { stepExecutionLog.push('Executing: Dependencies analysis'); results.dependencies = await this.runAnalysisStep('analyze_dependencies', { projectPath: params.projectPath, analysisType: 'comprehensive', includePackageJson: true, checkDevDependencies: false }, llmClient); stepExecutionLog.push(`Dependencies analysis: ${results.dependencies.success ? 'SUCCESS' : 'FAILED'}`); } // Step 3: WordPress Security Audit if (auditSteps.includes('security')) { stepExecutionLog.push('Executing: WordPress security analysis'); results.security = await this.runAnalysisStep('analyze_wordpress_security', { projectPath: params.projectPath, wpType: 'plugin', wpVersion: params.wpVersion, analysisType: 'comprehensive', includeOwaspTop10: true }, llmClient); stepExecutionLog.push(`Security analysis: ${results.security.success ? 'SUCCESS' : 'FAILED'}`); } // Step 4: Database Query Analysis if (auditSteps.includes('database')) { stepExecutionLog.push('Executing: Database query analysis'); results.database = await this.runAnalysisStep('analyze_database_queries', { projectPath: params.projectPath, analysisType: 'comprehensive', context: { projectType: 'wordpress-plugin' } }, llmClient); stepExecutionLog.push(`Database analysis: ${results.database.success ? 'SUCCESS' : 'FAILED'}`); } // Step 5: Code Quality Assessment if (auditSteps.includes('quality')) { stepExecutionLog.push('Executing: Code quality analysis'); results.quality = await this.runAnalysisStep('analyze_code_quality', { projectPath: params.projectPath, analysisType: 'comprehensive', language: 'php' }, llmClient); stepExecutionLog.push(`Quality analysis: ${results.quality.success ? 'SUCCESS' : 'FAILED'}`); } // Step 6: Synthesize all results stepExecutionLog.push('Synthesizing comprehensive audit report'); const synthesizedResults = await this.synthesizeAuditResults({ ...results, executionLog: stepExecutionLog, completedSteps: auditSteps.filter(step => results[step]?.success), failedSteps: auditSteps.filter(step => results[step]?.success === false) }, params, model, contextLength); stepExecutionLog.push('Audit synthesis: COMPLETED'); return synthesizedResults; } catch (error: any) { stepExecutionLog.push(`Audit failed: ${error.message}`); return ErrorHandler.createExecutionError('audit_wordpress_plugin', error); } }
  • src/prompts/analyze/wordpress-plugin-audit.ts:36-89 (schema)
    Input schema defining parameters for the tool, including projectPath, auditDepth, auditType, etc.
    parameters = { // Multi-file parameters (primary mode for plugin audit) projectPath: { type: 'string' as const, description: 'Path to WordPress plugin root directory', required: true }, // Analysis configuration auditDepth: { type: 'string' as const, description: 'Depth of audit analysis', enum: ['basic', 'detailed', 'comprehensive'], default: 'comprehensive', required: false }, auditType: { type: 'string' as const, description: 'Type of audit focus', enum: ['security', 'performance', 'quality', 'full-audit'], default: 'full-audit', required: false }, // Analysis step configuration includeSteps: { type: 'array' as const, description: 'Analysis steps to include in audit', required: false, items: { type: 'string' as const }, default: ['structure', 'dependencies', 'security', 'database', 'quality'] }, maxDepth: { type: 'number' as const, description: 'Maximum directory depth for analysis (1-5)', required: false, default: 4 }, // WordPress-specific context wpVersion: { type: 'string' as const, description: 'Target WordPress version for compatibility checks', required: false, default: '6.4' }, phpVersion: { type: 'string' as const, description: 'Target PHP version for compatibility checks', required: false, default: '8.0' } };
  • src/prompts/analyze/wordpress-plugin-audit.ts:30-33 (registration)
    Plugin class definition and registration with tool name 'audit_wordpress_plugin' and description.
    export class WordPressPluginAuditor extends BasePlugin implements IPromptPlugin { name = 'audit_wordpress_plugin'; category = 'analyze' as const; description = 'Comprehensive WordPress plugin audit - chains multiple analysis steps for security, performance, dependencies, and code quality';
  • src/prompts/analyze/wordpress-plugin-audit.ts:332-477 (helper)
    Helper method generating the multi-stage prompt for synthesizing audit results into a comprehensive report.
    private getMultiFilePromptStages(params: any): PromptStages { const { analysisResult, auditType, auditDepth, wpVersion, phpVersion, stepCount } = params; const systemAndContext = `You are a senior WordPress plugin security and performance expert with 15+ years of experience auditing enterprise WordPress installations. **AUDIT CONTEXT:** - Audit Type: ${auditType} - Audit Depth: ${auditDepth} - Analysis Steps Completed: ${stepCount} - Target WordPress Version: ${wpVersion} - Target PHP Version: ${phpVersion} - Plugin Type: WordPress Plugin **YOUR EXPERTISE:** You are internationally recognized for: - WordPress plugin security auditing and penetration testing - Performance optimization for high-traffic WordPress sites - Code quality assessment for WordPress.org repository submissions - Database optimization and query performance analysis - Dependency management and conflict resolution **AUDIT METHODOLOGY:** 1. **Security Assessment**: OWASP Top 10, WordPress-specific vulnerabilities 2. **Performance Analysis**: Database queries, caching, resource usage 3. **Code Quality Review**: WordPress Coding Standards, best practices 4. **Dependency Analysis**: Plugin conflicts, version compatibility 5. **Architecture Review**: Plugin structure, hooks usage, extensibility **CRITICAL FOCUS AREAS:** - SQL injection vulnerabilities in custom queries - XSS vulnerabilities in admin interfaces and frontend output - CSRF protection through nonces validation - Capability and permission checks - Data sanitization and validation - Performance bottlenecks in database queries - Unused code and dependencies - WordPress API compliance and best practices`; const dataPayload = `**COMPREHENSIVE AUDIT RESULTS:** ${JSON.stringify(analysisResult, null, 2)}`; const outputInstructions = `**PROVIDE COMPREHENSIVE WORDPRESS PLUGIN AUDIT REPORT:** { "executiveSummary": { "overallRating": "critical|high-risk|medium-risk|low-risk|excellent", "primaryConcerns": ["concern1", "concern2", "concern3"], "strengths": ["strength1", "strength2"], "recommendedActions": ["action1", "action2"], "timeToFix": "immediate|1-2 days|1 week|2+ weeks" }, "securityAssessment": { "criticalVulnerabilities": [ { "type": "SQL Injection|XSS|CSRF|Authentication Bypass", "severity": "critical|high|medium|low", "location": "specific file and line", "description": "detailed vulnerability description", "exploit": "how this could be exploited", "fix": "specific fix with code example" } ], "securityScore": "A|B|C|D|F", "complianceIssues": ["OWASP issue 1", "WordPress security issue 2"] }, "performanceAssessment": { "databaseIssues": [ { "type": "N+1 Query|Missing Index|Inefficient Query|Direct SQL", "severity": "critical|high|medium|low", "location": "file and function", "impact": "performance impact description", "optimization": "specific optimization recommendation" } ], "performanceScore": "A|B|C|D|F", "bottlenecks": ["bottleneck1", "bottleneck2"], "optimizations": ["optimization1", "optimization2"] }, "codeQualityAssessment": { "wordpressStandards": { "compliance": "high|medium|low", "violations": ["violation1", "violation2"], "score": "A|B|C|D|F" }, "maintainability": { "score": "high|medium|low", "issues": ["issue1", "issue2"], "improvements": ["improvement1", "improvement2"] } }, "dependencyAssessment": { "unusedCode": ["unused file 1", "unused function 2"], "conflicts": ["potential conflict 1"], "outdatedDependencies": ["dependency1", "dependency2"], "recommendations": ["remove unused X", "update Y to version Z"] }, "actionPlan": { "immediate": [ { "priority": 1, "task": "fix critical security vulnerability", "estimatedTime": "2 hours", "risk": "critical" } ], "shortTerm": [ { "priority": 2, "task": "optimize database queries", "estimatedTime": "4 hours", "risk": "medium" } ], "longTerm": [ { "priority": 3, "task": "refactor architecture", "estimatedTime": "2 days", "risk": "low" } ] }, "complianceReport": { "wordpressOrgReady": true, "issuesBlocking": ["issue1", "issue2"], "recommendationsForSubmission": ["recommendation1", "recommendation2"] } } **REQUIREMENTS:** - Provide specific file names and line numbers for all issues - Include code examples for fixes where applicable - Prioritize findings by business impact and security risk - Ensure all recommendations are actionable and testable - Focus on WordPress-specific best practices and security guidelines`; return { systemAndContext, dataPayload, outputInstructions }; }

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/houtini-ai/lm'

If you have feedback or need assistance with the MCP directory API, please join our Discord server