adityaarsharma
User
🪐 10-agent WordPress Plugin QA team for Claude Code. 116 runtime-evergreen skills · CTO→PM→Dev→UAT→Security→Release · MCP discovery · Docker wp-env · WP.org zero-rejection · Brain-connected memory.
Indexed Skills (47)
orbit-do-it
The brainless orchestrator. User points at a plugin path; this skill auto-detects plugin type (Elementor / Gutenberg / WooCommerce / form / membership / generic), picks the right combination of audit + UAT + perf + security + compat skills, runs them in parallel, and produces a one-page TL;DR + master HTML report. Zero questions after the path. Use whenever the user says "do it", "audit my plugin", "ship it", "check everything", or just `/orbit-do-it`.
orbit-gauntlet
Run the full Orbit gauntlet — 11 sequential checks on a WordPress plugin (PHP lint, PHPCS, PHPStan, asset weight, i18n, Playwright, Lighthouse, DB profile, competitor compare, UI perf, AI skill audits, PM UX). Three modes — `quick` (3-5 min, dev loop), `full` (30-45 min, RC pass), `release` (45-60 min, WP.org submission). Use when the user says "run gauntlet", "audit my plugin", "full QA", "before release", or any unscoped "check my plugin" request.
orbit-abilities-api
Audit a WordPress plugin for the new Abilities API + AI Client & Connectors API (WP 7.0, ships May 20, 2026). Verifies `register_ability()` calls, `@wordpress/abilities` JS package usage, AI Client provider abstraction, browser-agent + WebMCP integration patterns. Use when the user says "Abilities API", "WP 7 AI", "register_ability", "AI Client API", or builds plugins that integrate with WP's native AI framework.
orbit-accessibility
WCAG 2.2 AA accessibility audit for a WordPress plugin's admin UI, block editor output, and frontend markup. Combines axe-core (automated 30% coverage) with code-review for the 70% axe can't catch — focus traps, keyboard nav, ARIA misuse, screen-reader announcements, colour contrast on dynamic content. Use when the user says "a11y", "accessibility", "WCAG", "axe-core", "screen reader", or after any UI change to the plugin's admin pages or block output.
orbit-ajax-fuzzer
Discover every `wp_ajax_*` and `wp_ajax_nopriv_*` action in a WordPress plugin and fuzz-test admin-ajax.php endpoints with malformed payloads, missing nonces, anonymous access attempts, and injection vectors. Use when the user says "AJAX fuzzer", "admin-ajax security", "test AJAX handlers", or after adding any new `add_action('wp_ajax_*', ...)`.
orbit-block-bindings
Audit Block Bindings API usage — the WP 6.5+ way to bind block attributes to dynamic data sources (post meta, options, custom sources) without writing custom render filters or hacks. Catches plugins still using the old `render_block` filter pattern that should migrate. Use when the user says "block bindings", "bind block attribute", "post meta in block", "WP 6.5 block API", or modernising a custom-render filter.
orbit-block-edit-test
Playwright tests for the editor-time experience of every Gutenberg block — insert, configure attributes via inspector controls, set alignment / colour / spacing, transform to/from other blocks, validate inner-block patterns, undo/redo. Use when the user says "block edit test", "test InspectorControls", "block toolbar test", "edit-time spec", or after adding any custom InspectorControls to a block.
orbit-block-json-validate
Validate every `block.json` in a WordPress plugin against the current Block Metadata schema (apiVersion, name format, attributes types, supports, render, viewScript, etc.). WP 6.5+ expects apiVersion 3. Catches schema errors before they become runtime issues. Use when the user says "block.json validate", "validate Gutenberg blocks", "WP 6.5 block schema", or after adding/editing any block.
orbit-block-patterns
Audit and test block patterns shipped by a WordPress plugin — pattern category registration, preview rendering, `block_pattern_categories` filter usage, locked patterns, synced patterns (WP 6.3+), and Pattern Directory submission readiness. Use when the user says "block patterns", "register_block_pattern", "pattern preview", "synced patterns", or before submitting patterns to wordpress.org/patterns.
orbit-block-variations
Audit block variations — alternative configurations of an existing block (e.g. core/group's "Row" variation), `transforms` between blocks, and the variation picker UI in the inserter. Use when the user says "block variation", "registerBlockVariation", "transform between blocks", or has multiple similar custom blocks that should be variations of one.
orbit-broken-access-control
Deep audit for Broken Access Control — Patchstack 2026's
orbit-bundle-analysis
JavaScript / CSS bundle analysis for a WordPress plugin — total weight, per-chunk breakdown, source-map-explorer visualisation, unused CSS detection (PurgeCSS), tree-shake opportunities, and asset weight regression vs the previous release. Use when the user says "bundle size", "JS weight", "CSS bloat", "source map explorer", "PurgeCSS", "unused CSS", or after Webpack/Rollup refactor.
orbit-cache-compat
Verify WordPress plugin compatibility with object cache (Redis / Memcached) and page cache (W3 Total Cache, WP Rocket, LiteSpeed, Varnish). Catches plugins that store mutable data in transients without invalidation, set cookies that bust page cache for everyone, or read from `wp_options` without honouring `wp_cache_get`. Use when the user says "object cache", "Redis", "page cache", "WP Rocket", "LiteSpeed", "cache compat".
orbit-changelog-test
Map every CHANGELOG.md entry to a targeted Playwright test or skill audit. Reads the changelog, classifies each entry (NEW FEATURE / PERFORMANCE / SECURITY / BUG FIX / etc.), and generates a per-change test plan you can execute before tagging the release. Use when the user says "test the changelog", "changelog → tests", "test the new features", "before release", or has just updated CHANGELOG.md for a new version.
orbit-code-quality
Code-quality reviewer for WordPress plugins — finds dead code, complexity hotspots, error-handling gaps, type-safety issues, AI-hallucination risks (made-up WP function names, wrong sanitize choice, missing nonce, class-name case drift, method API drift), AND the WordPress runtime traps that only break on a live install (Settings API cross-nulling, DISABLE_WP_CRON assumptions, conditional add_rewrite_rule, bulk option restore wipes, %currentyear% literals in third-party SEO plugin meta, Gutenberg block-comment false-positive text checks, tab/router slug mismatch, Pro/Free shadow-class conflicts, cross-plugin filter timing). Use when the user says "code quality", "vibe code review", "review AI-generated code", "find dead code", "complexity audit", "why didn't Orbit find this", or after merging a Cursor/Copilot-assisted PR.
orbit-compat-acf
ACF (Advanced Custom Fields) integration audit — get_field / the_field usage, ACF Blocks (Gutenberg), Field Groups loaded via PHP / JSON sync, ACF location rules, REST API exposure, ACF + Polylang/WPML interactions. Use when the user says "ACF compat", "Advanced Custom Fields integration", "ACF block", "get_field usage".
orbit-compat-matrix
Multi-version compatibility matrix for a WordPress plugin — runs the gauntlet against PHP 7.4 / 8.1 / 8.3 / 8.5 × WP 6.3 / 6.5 / latest, plus modern-WP feature adoption check (block-template-parts, theme.json schema 3, Interactivity API, etc.). Use when the user says "PHP 7.4 vs 8.x", "WP 6.5 compat", "compatibility matrix", "drop PHP 7 support", "after WP core update", or before bumping `Requires PHP:` / `Requires at least:` in the plugin header.
orbit-compat-polylang
Polylang compatibility audit — pll_register_string, pll_current_language, custom-post-type translation, language switcher hooks, REST + WP-CLI integration. Polylang has free + Pro versions; covers both. Use when the user says "Polylang compat", "Polylang translate", "WPML alternative", or coexisting with Polylang.
orbit-compat-rankmath
Coexistence audit with RankMath SEO — schema-output collision (RankMath's schema is more aggressive than Yoast), meta-tag duplication, title-tag conflicts, sitemap merging, REST endpoint conflicts. Use when the user says "RankMath compat", "RankMath conflict", or coexisting with RM.
orbit-compat-wpml
WPML compatibility audit — translatable strings via icl_t / wpml_register_string, custom-post-type translation, taxonomy translation, language switcher hooks, current-language detection, sitemap-per-language, and the wpml-config.xml registration file. Use when the user says "WPML compat", "WPML translate strings", "translation plugin", or before a customer asks "does this work with WPML?".
orbit-compat-yoast
Coexistence audit with Yoast SEO — schema-output collision, meta-tag duplication, title-tag conflicts, sitemap merging, breadcrumb integration, custom-post-type registration order, REST-API endpoint conflicts. Use when the user says "Yoast compat", "Yoast SEO conflict", "schema duplicate", "meta tag conflict".
orbit-competitor-compare
Side-by-side comparison of your WordPress plugin vs competitor plugins from wordpress.org. Auto-downloads competitor zips, analyses each on version / installs / rating / bundle weight / PHPCS errors / security patterns / block.json adoption, and produces a markdown comparison table. Use when the user says "competitor analysis", "vs Essential Addons / Premium Addons / Yoast / RankMath", "where are we behind", "competitive moat".
orbit-conflict-matrix
Test a WordPress plugin against the top 20 most-installed WP plugins (Yoast, RankMath, WooCommerce, Elementor, Jetpack, UpdraftPlus, W3 Total Cache, WPForms, Contact Form 7, etc.) — one at a time, in isolation, looking for conflicts. Use when the user says "test plugin conflicts", "vs Yoast / WooCommerce", "compatibility with top plugins", "before major release", or has a customer report of "X plugin breaks when Y is active".
orbit-cron-audit
Audit `wp_schedule_event` / `wp_schedule_single_event` calls in a WordPress plugin — check for missed schedules, duplicate registrations on every page load, missing unschedule on deactivation, hooks scheduled but never registered (zombie crons), and overlapping cron windows that cause performance regressions. Use when the user says "cron audit", "wp_schedule_event", "scheduled tasks", "WP-Cron", or has a customer report of "site slow at certain times".
orbit-cve-check
Live CVE feed correlation + plugin ownership-transfer detection — fetches NVD, Patchstack, and WPScan public feeds AT RUNTIME (not from cron). Cross-references against the plugin's PHP signatures. Reports pattern matches with the live feed timestamp. Use when the user says "CVE check", "live security feed", "is my plugin affected by today's CVEs", "ownership transfer", or as part of /orbit-do-it.
orbit-db-profile
Database query profiling for a WordPress plugin — query count per page, slow queries (>100ms), N+1 detection, autoload bloat (`wp_options` autoload size), transient explosion, missing indexes, and cron-induced churn. Uses Query Monitor + MySQL `performance_schema` against a wp-env site. Use when the user says "DB profile", "query count", "N+1", "slow query", "autoload bloat", "Query Monitor", or after any feature that adds DB writes/reads.
orbit-designer-empty-error
Audit empty-states + error-states across a WordPress plugin's admin UI — every list / table / dashboard / form should have a designed empty state with CTA, and every error path should have a recoverable error message (not a stack trace). Use when the user says "empty state audit", "error state design", "blank screen UX", or after a UX review.
orbit-designer-icons
Audit icon usage across a WordPress plugin's admin UI — icon library consistency (one set, not three), accessible-icon patterns (label + role), inline SVG vs icon-font tradeoffs, dashicons vs custom SVGs, icon-only buttons accessibility. Use when the user says "icon audit", "icon system", "dashicons", "SVG icons".
orbit-designer-tokens
Audit design tokens — color palette, typography scale, spacing system, border-radius scale, shadow tokens — for a WordPress plugin's admin UI and frontend output. Catches hardcoded magic numbers, inconsistent type ramps, and palette drift. Use when the user says "design tokens", "color palette audit", "typography scale", "spacing system", or before any visual refresh.
orbit-docker-site
Spin up, manage, and troubleshoot a WordPress test site (wp-env / wp-now / Docker) for Orbit. Use when the user says "create test site", "spin up WP", "wp-env", "Docker WordPress", "I need a local WP", "site not loading", or any browser test fails because the site isn't running. Walks them from "no site" to "site at localhost:8881 with plugin installed and Query Monitor active".
orbit-editor-perf
Editor performance harness for Elementor / Gutenberg / Beaver Builder / WPBakery — measures editor-ready time, widget panel populated, widget insert→render, memory growth after 20+ widgets, console error spam. Catches the perf bugs Lighthouse can't see (most addon plugin issues live here). Use when the user says "Elementor slow", "Gutenberg lag", "editor performance", "widget insert timing", "panel freezing".
orbit-elementor-compat
Across-Elementor-versions compatibility audit — fetches Elementor's current changelog + deprecation list at RUNTIME, then audits the plugin against today's reality. Auto-handles V3, V4 Atomic, V5+ as they ship — no manual rule update needed. Use when the user says "Elementor compat", "across versions", "after Elementor major release", "V4 atomic check", "deprecated Elementor APIs".
orbit-elementor-controls
Audit custom Elementor controls — Control_Base subclasses, custom UI controls beyond the 30+ built-in (slider, text, choose, dimensions, gallery, repeater, etc.), control registration hook, and choosing the right built-in control before rolling a custom one. Use when the user says "Elementor control", "custom control", "Control_Base", or "build a custom Elementor field type".
orbit-elementor-dev
Elementor widget development workflow audit — Widget_Base subclass structure, register_controls() patterns, render() escaping, content_template() for live preview, asset enqueue via get_script_depends() / get_style_depends(), responsive controls, and dynamic-tags integration. Use when the user says "Elementor widget", "create Elementor widget", "Widget_Base", or builds anything for Elementor.
orbit-elementor-dynamic-tags
Audit Elementor Dynamic Tags — server-side data sources that fill widget controls (post meta, ACF fields, user data, custom). The Elementor equivalent of WP's Block Bindings API. Use when the user says "dynamic tag", "Tag class", "ACF dynamic tag", "Elementor dynamic data", or a plugin needs to pipe live data into Elementor controls.
orbit-elementor-pro
Audit a plugin extending Elementor Pro features — Form Action subclasses (form integrations), custom Display Conditions, custom Theme Builder locations, custom Popup triggers, custom Loop Item templates. Use when the user says "Elementor Pro extension", "Form Action handler", "Display Conditions", "Theme Builder location", or builds anything that requires Elementor Pro to be active.
orbit-elementor-skins
Audit Elementor widget skins — Skin_Base subclasses that let one widget render in multiple visual styles (e.g. "Card", "List", "Carousel" variants of the same Posts widget). Use when the user says "Elementor skin", "Skin_Base", "widget variant", or has multiple similar widgets that should be skins of one.
orbit-evergreen-update
Meta-skill that walks every `/orbit-*` skill, fetches the canonical sources listed in its `Sources & Evergreen References` section, diffs against the rules currently in the skill, flags drift (rule says X, source says Y now). Optionally proposes patches. Use whenever the user says "audit skills for staleness", "are my skills current", "evergreen update", "drift check", or quarterly as a maintenance routine.
orbit-fse-test
Full-Site-Editing (FSE) compatibility audit for a WordPress plugin or theme — theme.json schema 3 validation, block-template-parts hooks, Site Editor compatibility, template hierarchy, style variations, and block-locking patterns. Use when the user says "FSE", "block theme", "theme.json", "site editor", or builds anything that adds templates / parts / patterns to a block theme.
orbit-gdpr
GDPR / personal-data compliance audit for a WordPress plugin — verifies that the plugin registers with `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` for any personal data it stores, declares cookies in the privacy policy template, and handles consent-mode correctly. Use when the user says "GDPR", "personal data export", "right to be forgotten", "privacy policy", "consent mode", or before any plugin release that handles user data.
orbit-gutenberg-dev
Block editor (Gutenberg) plugin development workflow audit — block.json schema, server-side render via render.php (apiVersion 3), edit-time JS in edit.js, block.json textdomain, supports config, attributes types, and the ServerSideRender deprecation path. Use when the user says "Gutenberg dev", "block development", "register a block", "apiVersion 3 migration", or before a release that adds/edits any Gutenberg block.
orbit-host-cloudways
Cloudways compatibility audit — Breeze caching plugin, Object Cache Pro support, Varnish caching, server-level vs application-level caching, SSH access, multiple PHP versions, multiple stacks (Apache + NGINX, NGINX-only). Use when the user says "Cloudways", "DO + WP", "Vultr WP", or the customer is on Cloudways.
orbit-host-kinsta
Kinsta hosting compat audit — fetches Kinsta's CURRENT banned-plugins list + cache rules + Redis availability AT RUNTIME (not from a snapshot). Auto-stays-current with Kinsta's policy changes. Use when the user says "Kinsta", "managed WP Kinsta", "is my plugin Kinsta-compatible", "Kinsta banned plugins", or before a customer hosts on Kinsta.
orbit-host-pantheon
Pantheon hosting compatibility — read-only filesystem (only `wp-content/uploads` writable), Redis included, multidev environments, Quicksilver hooks, advanced CDN, NGINX-only. Use when the user says "Pantheon", "Pantheon hosting", "WP on Pantheon", or the customer is on Pantheon.
orbit-host-shared
Audit a WordPress plugin for low-tier shared-hosting compatibility — memory limits (64MB common), execution-time limits (30s), disk-quota limits (1-5GB), no SSH, no shell exec, no Redis, slow disk I/O. Most "broken plugin" reports come from shared-hosting users hitting silent limits. Use when the user says "shared hosting", "Bluehost / GoDaddy / Hostinger compat", "low-tier hosting".
orbit-host-wpengine
WP Engine compat audit — fetches WP Engine's CURRENT disallowed-plugins list + EverCache rules + filesystem restrictions AT RUNTIME. Auto-stays-current with WPE policy. Use when the user says "WP Engine", "WPE", "is my plugin WPE-compatible", "WPE banned plugins", or before a customer hosts on WP Engine.
orbit-i18n-js-parity
PHP↔JS label parity audit — verifies every label key consumed by JS via `wp_localize_script` / `wp_set_script_translations` is actually emitted from PHP. Catches the silent-English-fallback bug where JS reads `myObject.someLabel` but PHP never put `someLabel` into the localized object. Use when the user says "JS label", "wp_localize_script", "Elementor editor label", "Gutenberg block label", "missing translation in JS", or before any release that touches block editor / Elementor / admin JS.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.