Agent Tools

Tool Categories Overview

Agent Builder ships with 155+ tools organised into categories. Each category groups tools by the type of WordPress resource or action they work with. Here is what each category covers:

• Content — Read, create, update, and delete WordPress posts and pages. Generate post outlines, expand drafts, improve readability, create headings, and manage Gutenberg block content programmatically.
• SEO — Read and write Yoast SEO and Rank Math meta fields. Analyse keyword density, generate meta descriptions, check title lengths, audit internal links, and submit URLs to Google Search Console for indexing.
• Database — Execute read-only SQL queries against the WordPress database. Retrieve custom field values, query custom post types, and aggregate data across the site without writing PHP code.
• WordPress — Manage plugins and themes (list, activate, deactivate), read site options, check user accounts, query taxonomies, manage menus, and interact with core WordPress settings.
• Media — List and search the media library, read image metadata, generate alt text, rename files, move attachments between posts, and query images by size or type.
• Security — Check user login history, review failed authentication attempts, scan for common file permission issues, audit active plugins for known vulnerabilities, and verify WordPress core file integrity.
• Performance — Run PageSpeed Insights audits, check Core Web Vitals, measure Time to First Byte, identify slow database queries, and get optimisation recommendations.
• Forms — Read Contact Form 7, WPForms, and Gravity Forms submissions; list active forms; retrieve field configurations; and query submission counts by date range.
• Analytics — Query Google Analytics 4 data directly from the WordPress admin — page views, session counts, top pages, traffic sources, and user engagement metrics.
• WooCommerce — Read and write product data, manage inventory, query orders, check customer records, and generate product description drafts. Requires WooCommerce to be active.
• CLI — Run a curated subset of WP-CLI commands for tasks that are not covered by other tool categories. All CLI tools require explicit user confirmation before executing.

Risk Levels

Every tool in Agent Builder is assigned a risk level that controls how it is handled during execution:

• Read-only (Level 1) — Auto-approved. The tool reads data and returns it. No changes are made to the site. Examples: get_post, list_plugins, query_database.
• Low write (Level 2) — Auto-approved in autonomous mode, confirmed in supervised mode. Adds or modifies non-critical data. Examples: update_post_meta, add_tag.
• Medium write (Level 3) — Requires user confirmation in both modes. Modifies published content or settings. Examples: update_post, change_site_option.
• High write (Level 4) — Always requires confirmation. Deletes content or changes security-sensitive settings. Examples: delete_post, change_user_role.
• Extreme (Level 5) — Disabled by default. Requires explicit opt-in in settings. Examples: run_arbitrary_sql, execute_shell_command.

Frequently Asked Questions

Can I disable specific tools for a particular agent?

Yes. In Settings → Agents → Chat Feature Overrides, you can toggle individual tool categories on or off per agent. You can also set the confirmation mode per agent — so one agent always prompts before writes while another runs autonomously. This lets you give a public-facing agent read-only access while giving your admin agent full write access.

Do tools run on my server or on Agentic’s infrastructure?

Tools execute on your WordPress server. When the LLM decides to call a tool, the call is sent back to your WordPress installation via its REST API, which then executes the corresponding PHP function. Agentic’s servers are never in the execution path for tool calls — only the initial AI inference request routes through the LLM provider. This means tools have access to your full WordPress environment including the database, file system, and installed plugins.

Can tools access files outside the WordPress directory?

File system tools are restricted to paths within the WordPress root and the wp-content directory. Tools cannot read or write to parent directories, system files, or paths outside the WordPress installation. This restriction is enforced at the tool level and cannot be overridden by prompt injection.

How do I build a custom tool?

Custom tools are built in PHP by extending the Tool_Base class and implementing five methods: get_name(), get_description(), get_category(), get_parameters(), and execute(). Parameters use OpenAI function-calling JSON schema format so the LLM understands the tool’s inputs. See Building a Custom Agent for a full walkthrough and code examples.

What is the difference between core tools and agent-specific tools?

Core tools are available to every agent by default — they cover the WordPress core operations (reading posts, querying the database, managing plugins). Agent-specific tools are contributed by bundled or marketplace agents and are only active when that agent is enabled. For example, the SEO Assistant contributes SEO-specific tools that are only available when the SEO Assistant agent is active. Disabling the SEO Assistant removes its tools from the tool pool for all agents.

Related Articles

• Skills
• Capabilities Overview
• Building a Custom Agent
• Permissions and Safety
• MCP Integration