A collection of Claude Code skills and agents for building, reviewing, and maintaining WordPress and WooCommerce plugins. These tools encode professional development standards, security best practices, and UX guidelines drawn from the official WordPress Plugin Handbook, WooCommerce developer documentation, and fintech-grade security practices.
WooCommerce Plugin Development — A comprehensive skill that guides you through building WooCommerce Marketplace-ready plugins from scratch. It operates in two phases:
- Project Discovery — structured interview to produce a project brief
- Development Execution — scaffold and build following all standards
Includes 6 reference documents covering every aspect of plugin development:
| Reference | What It Covers |
|---|---|
| Coding Standards | WordPress PHP/JS/CSS standards, WPCS 3.3.0+, PSR-4 autoloading |
| Security | Input sanitization, output escaping, nonces, CSRF, SQL injection prevention, PCI-DSS |
| Testing | PHPUnit, Playwright E2E, security tests, financial precision tests, CI/CD |
| Plugin Architecture | File structure, bootstrapping, HPOS declaration, uninstall handlers |
| WooCommerce APIs | Order/Product CRUD, hooks, REST API, Store API, Action Scheduler |
| UX Guidelines | Navigation, settings design, onboarding, admin notices, accessibility |
Also includes evaluation benchmarks with 3 test scenarios.
WooCommerce Finalization — Pre-release code health and traceability audit. Runs after code review to catch structural issues that checklists miss:
- Code Health — dead code detection, duplication analysis, structural complexity (god classes, deep nesting)
- Traceability Analysis — end-to-end verification tracing every UI interaction through AJAX/REST handlers, business logic, data access, and database. Includes 5 payment-gateway-specific trace paths (payment, refund, settings, token, webhook flows)
WooCommerce Upgrade Safety — Pre-release upgrade safety review that validates what happens when existing merchants upgrade between versions:
- Database Migration Safety — idempotency, batching, version gates, HPOS dual-table compatibility
- Payment Continuity — saved token preservation, active subscription safety, pending transaction handling, webhook backward compatibility
- Hook/Filter Compatibility — removed hooks, changed signatures, deprecation notices
- Rollback Safety — downgrade resilience, WordPress auto-update safety
- Changelog Quality — upgrade notices, breaking change documentation, version metadata
WooCommerce UX Reviewer — An expert UX review agent specialized in WordPress, WooCommerce, and payment system interfaces. Reviews checkout flows, payment gateway integrations, admin UI, onboarding experiences, and error states against dimensions including clarity, trust signals, accessibility (WCAG 2.1 AA), mobile responsiveness, and conversion impact.
Code Reviewer — A general-purpose code review agent that evaluates code across six dimensions: correctness, security, performance, code quality, test coverage, and project standards alignment. Not WordPress-specific, but works well in any WooCommerce project context.
- Claude Code CLI installed and configured
See the Installation Guide for detailed setup instructions.
Clone this repository:
git clone https://github.com/Automattic/claude-woocommerce-toolkit.gitInstall skills (copy or symlink into your Claude Code skills directory):
# Global installation (available in all projects)
cp -r claude-woocommerce-toolkit/skills/woocommerce-plugin-dev ~/.claude/skills/
cp -r claude-woocommerce-toolkit/skills/woocommerce-finalize ~/.claude/skills/
cp -r claude-woocommerce-toolkit/skills/woocommerce-upgrade-safety ~/.claude/skills/
# Project-level installation (available only in one project)
cp -r claude-woocommerce-toolkit/skills/* /path/to/your/project/.claude/skills/Install the agents (copy or symlink into your Claude Code agents directory):
# Global installation
cp claude-woocommerce-toolkit/agents/*.md ~/.claude/agents/
# Project-level installation
cp claude-woocommerce-toolkit/agents/*.md /path/to/your/project/.claude/agents/The skill triggers automatically when you mention building a WooCommerce plugin. You can also invoke it directly:
> I want to build a WooCommerce plugin that adds a loyalty points system
Claude will conduct a project discovery interview before writing any code,
then scaffold and build following all standards in the reference docs.
Example trigger phrases:
- "Build a WooCommerce plugin..."
- "Create a payment gateway extension..."
- "Start a new Woo extension for..."
- "Scaffold a shipping method plugin..."
The agent is invoked automatically when you complete UX-critical work, or you can request a review:
> Can you review the checkout flow I just built?
Claude will launch the UX reviewer agent to assess clarity, trust signals,
error handling, accessibility, mobile responsiveness, and conversion impact.
Triggered after completing a logical chunk of code:
> I've finished the payment gateway class, can you review it?
Claude will launch the code reviewer agent to check correctness, security,
performance, code quality, test coverage, and standards alignment.
The WooCommerce plugin dev skill enforces these rules on every file:
- HPOS compatibility is mandatory — use WooCommerce CRUD, never
get_post_meta()for orders - All user input is hostile — sanitize on input, escape on output, prepared statements for DB
- Nonces and capability checks on every form and AJAX handler
- Every public function has a PHPDoc block with
@since,@param,@return - No direct database queries when WooCommerce/WordPress provides an API
- All strings are translatable using the plugin's text domain
- Tests exist for every feature — unit, integration, and E2E for user-facing flows
- Prefix everything — functions, hooks, options, meta keys, REST routes
- WordPress enqueue system for all scripts and styles
- Declare all WooCommerce feature compatibility via
FeaturesUtil
See CONTRIBUTING.md for guidelines on proposing changes, adding reference docs, and submitting evals.
This project is licensed under the GPL v2 or later — see the LICENSE file for details.