whmcs-mcp-server

Module Change Password

whmcs_module_change_password

Updates a WHMCS service account password using the service ID and new password.

Instructions

Change password for a service account

Input Schema

TableJSON Schema

Name	Required	Description	Default
`accountid`	Yes	Service ID
`servicepassword`	No	New password

Implementation Reference

src/index.ts:980-996 (registration)

Registration of the 'whmcs_module_change_password' tool with input schema (accountid required, servicepassword optional) and handler that delegates to whmcsClient.moduleChangePassword()

server.registerTool(
    'whmcs_module_change_password',
    {
        title: 'Module Change Password',
        description: 'Change password for a service account',
        inputSchema: {
            accountid: z.number().describe('Service ID'),
            servicepassword: z.string().optional().describe('New password'),
        },
    },
    async (params) => {
        const result = await whmcsClient.moduleChangePassword(params);
        return {
            content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
        };
    }
);

src/index.ts:985-988 (schema)
Input schema for whmcs_module_change_password: accountid (number, required) and servicepassword (string, optional)
```
inputSchema: {
    accountid: z.number().describe('Service ID'),
    servicepassword: z.string().optional().describe('New password'),
},
```
src/whmcs-client.ts:1142-1147 (handler)
The moduleChangePassword method on WhmcsApiClient that calls WHMCS API action 'ModuleChangePassword' with accountid and optional servicepassword parameters
```
async moduleChangePassword(params: {
    accountid: number;
    servicepassword?: string;
}) {
    return this.call<WhmcsApiResponse>('ModuleChangePassword', params);
}
```

src/whmcs-client.ts:29-63 (helper)

Core API call method that handles authentication, URL construction, parameter flattening, and response parsing for all WHMCS API requests including ModuleChangePassword

async call<T extends WhmcsApiResponse>(action: string, params: Record<string, unknown> = {}): Promise<T> {
    const url = `${this.config.apiUrl.replace(/\/$/, '')}/includes/api.php`;
    
    const postData: Record<string, string> = {
        identifier: this.config.apiIdentifier,
        secret: this.config.apiSecret,
        action: action,
        responsetype: 'json',
        ...this.flattenParams(params)
    };

    if (this.config.accessKey) {
        postData.accesskey = this.config.accessKey;
    }

    const response = await fetch(url, {
        method: 'POST',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
        },
        body: new URLSearchParams(postData).toString(),
    });

    if (!response.ok) {
        throw new Error(`WHMCS API request failed: ${response.status} ${response.statusText}`);
    }

    const data = await response.json() as T;
    
    if (data.result === 'error') {
        throw new Error(`WHMCS API error: ${data.message || 'Unknown error'}`);
    }

    return data;
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full responsibility for behavioral disclosure. It does not mention whether the change triggers notifications, requires permissions, or has side effects like logging or synchronization. The agent has no insight into the tool's side effects or constraints.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, clear sentence with no filler. It is appropriately front-loaded with the action. However, it could benefit from one or two additional sentences without losing conciseness.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (two parameters, no output schema), the description is minimally adequate but lacks completeness. It fails to describe the expected return value or confirmation behavior, and does not clarify whether the password is updated immediately or queued. An AI agent would lack confidence in post-invocation state.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% descriptive coverage for both parameters (accountid and servicepassword). The description adds no additional meaning beyond the schema's own descriptions, so it meets the baseline for schema-dependent parameter understanding. The description's context ('for a service account') is already implied by the parameter names.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states that the tool changes a password for a service account, distinguishing it from other module manipulation tools like module_create or module_suspend. However, it does not specify which type of service (e.g., hosting) or that this action occurs within WHMCS, leaving some ambiguity for an AI agent.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives such as updating client details or sending emails. There is no mention of prerequisites (e.g., the service must exist) or conditions under which the action is appropriate.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/scarecr0w12/whmcs-mcp-tool'

If you have feedback or need assistance with the MCP directory API, please join our Discord server