Audit plugins from any AI tool
The WP HealthKit MCP server exposes your audit capabilities directly inside AI coding assistants. Ask your AI to audit a plugin, check findings, or pull fix suggestions — without leaving your editor.
Audit WordPress plugins without leaving your editor
The MCP (Model Context Protocol) server lets AI coding tools — Claude Desktop, Claude Code, Cursor, Windsurf — call WP HealthKit's 46-layer audit engine directly from your editor. You stay in your flow while the audit runs in the background. Results come back as structured data your AI assistant can read, summarise, and act on — findings by severity, exact file and line, and AI-generated fix prompts.
Available tools
audit_plugin
Submit a plugin ZIP file or wp.org slug for a full 46-layer audit. Returns a job ID to poll for results.
get_audit_status
Poll an audit by job ID. Returns status (pending / processing / complete) and a progress indicator.
get_findings
Retrieve structured findings for a completed audit: severity, affected file, line number, and fix hint.
get_fix_prompt
Get an AI-generated fix prompt for a specific finding ID. Paste directly into your editor.
check_plugin
Fast severity check by slug or ZIP. Returns critical and high finding counts. Returns exit code 1 if findings found.
list_audits
List your recent audits with status, date, and overall security grade.
Supported AI tools
Quick setup
Add this JSON to your AI tool's MCP configuration file. Done.
{
"mcpServers": {
"wphealthkit": {
"command": "npx",
"args": ["-y", "@wphealthkit/mcp"],
"env": { "WPHK_API_KEY": "YOUR_API_KEY" }
}
}
}What it looks like in practice
Open a plugin file in Cursor. Ask Claude: “audit this plugin and show me the critical findings.” The WP HealthKit MCP server submits the plugin, waits for results, and returns structured findings inline — no browser tab, no copy-paste, no context switch. Ask “give me a fix prompt for finding #3” and WP HealthKit returns a code-level suggestion you can apply immediately. The entire audit-to-fix loop happens inside your editor.
Common questions
Which AI tools support the MCP server?
Claude Desktop, Claude Code, Cursor, and Windsurf are fully supported. Any tool that implements the MCP standard can connect using the same config block.
Does it work with local plugin files or only wp.org slugs?
Both. Pass a file path to a local ZIP, or pass a wp.org plugin slug to audit directly from the WordPress.org directory.
Do I need a Pro plan to use MCP?
Yes. MCP access is available on Pro (£29/mo) and above. Free and Single Audit accounts use the web UI at wphealthkit.com.
Add WP HealthKit to your AI workflow
Five-line setup. Audit WordPress plugins without leaving your editor.