plugin-icon

Agent Abilities for MCP – MCP Server for AI Agents

Connect AI agents to your WordPress site as a scoped, least-privilege user over MCP. Off by default, every call audited.
Versione
1.0.0
Ultimo aggiornamento
Jul 2, 2026
Agent Abilities for MCP – MCP Server for AI Agents

Agent Abilities for MCP is a WordPress plugin that turns your site into a governed Model Context Protocol (MCP) server. It exposes 153 curated WordPress “abilities” (tools) to AI agents like Claude, Cursor, and VS Code over MCP, so your AI client can read and, when you allow it, write to your site as a real, least-privilege WordPress user you choose. It is built on the WordPress 6.9 Abilities API and the official MCP Adapter, so there is no custom server or transport to trust.

Nothing is exposed until you turn it on. The agent only ever acts as the WordPress user you bind it to, never an admin-equivalent key, and every call is re-checked against that user’s capabilities and logged before it runs, denials included. You add reach as you build trust, not all at once. Your own AI client connects in to your site; the plugin makes zero outbound calls and has no telemetry.

Model Context Protocol (MCP) is an open specification originally developed by Anthropic. Claude, ChatGPT, Cursor, VS Code, Gemini, and other product names are trademarks of their respective owners. Agent Abilities for MCP is a third-party plugin and is not affiliated with, endorsed by, or sponsored by any of them.

🛡️ Least-privilege access by design

  • Least privilege by design. The AI agent connects as a real, scoped WordPress user through OAuth or an Application Password, never an admin-equivalent key.
  • Off by default. Nothing is exposed until you enable it, and updates never silently widen access.
  • Two-layer capability gating. A connection only sees the tools its user can call, and every call re-checks that capability before it runs.
  • Honest audit log. Every call is recorded, denied attempts included, with the principal and the argument keys (never the values). It lives in your own database and clears from the admin.
  • Bounded by construction. No arbitrary option or meta access, no remote URL fetch, no code execution. Uploads are decoded from inline data and checked by their real bytes against an image allow-list, never fetched from a URL. A created user gets the site default role, never admin, and the last administrator can never be removed. Anything destructive is off by default and capability-gated, and deletes go to Trash where the ability supports it.
  • Optional safety controls. Switch on a per-minute rate limit, an IP allowlist, a force-to-draft mode, or a title-length cap. All four stay off until you set them.
  • No data leaves your site. The plugin contacts no AI provider and no external service. Your AI client connects in; the plugin never reaches out.
  • Two ways to connect. Approve an agent in the browser over OAuth, with no secret to store, or point a dedicated low-privilege user at an Application Password. A guided screen builds the client config and checks the endpoint for you.

🤖 Built on the WordPress Abilities API and MCP Adapter

WordPress 6.9 ships the Abilities API and the official MCP Adapter. Agent Abilities for MCP registers a curated, governed set of abilities on top of them rather than inventing its own protocol or transport. It builds on the official MCP Adapter library (wordpress/mcp-adapter) rather than a custom server, so there is no bespoke server to trust and the plugin inherits the standard’s behavior. What it adds is the governance layer: the off-by-default catalog, the capability gating, the safety controls, and the audit log for running the Model Context Protocol on WordPress.

📦 153 governed abilities

Version 1.0.0 ships 153 governed abilities: 83 across WordPress core and 70 from auto-detected integrations. Every one is off until you enable it, scoped to the bound user, capability-gated, and logged.

WordPress core (83 abilities). Reads plus guarded writes across your whole site:

  • 📝 Posts & Pages: list, read, create, update, and delete posts and pages, with destructive actions off by default and deletes routed to Trash.
  • 🏷️ Terms & Taxonomies: manage categories, tags, and custom taxonomy terms.
  • 💬 Comments: read and moderate the comment queue.
  • 🖼️ Media: list and read the media library, and add images decoded from inline data and validated by their real bytes against an image allow-list (never fetched from a URL).
  • 🗂️ Post Meta: read and write only the meta keys an administrator has explicitly allowlisted. Protected, underscore-prefixed, and authentication keys can never be allowlisted.
  • 👥 Users: read and manage users within capability limits. A new user gets the site default role, never admin, and the last administrator can never be removed.
  • 🧭 Site structure: work with menus and the structural pieces that hold the site together.
  • 🕓 Revision history: read the revision trail for content.
  • 🧱 Blocks & Templates: work with reusable blocks, themes, and templates.
  • ⚙️ Limited settings & site health: a tightly scoped set of settings, plus read-only site health and plugin status.
  • 🔍 Site-wide search: one search that spans every post type at once.

Integrations (70 abilities). Detected automatically per active plugin, off until you turn them on, capability-gated, and logged. Each appears only while its host plugin is active:

  • 🛒 WooCommerce MCP (52 abilities): read and write products, orders, and customers so an AI agent can help run your store. These touch real customer and order data, including personal data such as names, emails, and addresses, so they sit behind a clear admin notice and stay off until you switch them on.
  • 🧩 Advanced Custom Fields (7 abilities): read and write ACF field data. Like WooCommerce, these can reach real personal data and sit behind the same clear notice.
  • 📈 Rank Math SEO (5 abilities): read and manage Rank Math SEO data.
  • 📈 Yoast SEO (3 abilities): read and manage Yoast SEO data.
  • 📈 All in One SEO (3 abilities): read and manage AIOSEO data.

More integrations are planned.

🔌 Connect Claude, Cursor and other MCP clients

Connect any MCP client that can reach your endpoint: Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and Gemini CLI, some directly and some through the open-source mcp-remote bridge that runs on your own machine. With OAuth you paste the endpoint URL and approve once in the browser; with an Application Password you point a low-privilege user at the endpoint. Hosted ChatGPT and Gemini apps want a streamable HTTP/SSE remote connector that the underlying adapter does not serve natively yet.

External Services

This plugin does not contact any external service. It registers abilities on your own site and answers the requests your AI client sends to it. It makes no outbound requests of its own and includes no analytics or telemetry.

Connecting an AI client to your site is done by the client, not by this plugin. Some MCP clients reach your endpoint directly; others use a small bridge program that runs on your own computer, such as the open-source mcp-remote tool or @automattic/mcp-wordpress-remote. Neither bridge is bundled with this plugin or run by it. You install and run it yourself, and it talks only to your site and your local AI client. Their terms are on their own pages:

  • mcp-remote: https://www.npmjs.com/package/mcp-remote
  • @automattic/mcp-wordpress-remote: https://www.npmjs.com/package/@automattic/mcp-wordpress-remote
Gratuitosui piani a pagamento
Testato fino alla versione
WordPress 7.0
Questo plugin ora può essere scaricato per il tuo sito .