WP-Safety

Alpaca Bot Security & Risk Analysis

wordpress.org/plugins/alpaca-bot

A privately hosted WordPress AI chatbot. Chat with your own hosted LLMs and automate workflows with agents.

30 active installs v0.4.17 PHP 8.1+ WP 6.4+ Updated Jul 6, 2024
aichatbotembeddinglarge-language-modelollama
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Alpaca Bot Safe to Use in 2026?

Generally Safe

Score 92/100

Alpaca Bot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'alpaca-bot' plugin version 0.4.17 exhibits a generally strong security posture based on the provided static analysis. The absence of any reported CVEs and a clean vulnerability history, coupled with robust code practices like 100% prepared statements for SQL, a high percentage of properly escaped output (97%), and consistent use of nonce and capability checks (3 each), are significant strengths. The limited attack surface of only two shortcodes, with no unprotected entry points identified, further contributes to its good standing.

Vulnerabilities
None known

Alpaca Bot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Alpaca Bot Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
134 escaped
Nonce Checks
3
Capability Checks
3
File Operations
1
External Requests
3
Bundled Libraries
0

Output Escaping

97% escaped138 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<Settings> (src\Utils\Settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Alpaca Bot Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[alpacabot_agent] src\Agents.php:19
[alpacabot] src\Agents.php:20
WordPress Hooks 22
actionplugins_loadedalpaca-bot.php:36
actionadmin_menusrc\Agents.php:17
actionadmin_enqueue_scriptssrc\AlpacaBot.php:17
actionadmin_enqueue_scriptssrc\AlpacaBot.php:18
actionadmin_initsrc\AlpacaBot.php:19
actionadmin_menusrc\AlpacaBot.php:20
actionadmin_noticessrc\AlpacaBot.php:21
actioninitsrc\AlpacaBot.php:23
actionrest_api_initsrc\Api\Htmx.php:23
actionadmin_noticessrc\Api\Ollama.php:334
actioninitsrc\Chat\Post.php:11
filteradmin_footer_textsrc\Chat\Screen.php:23
filterupdate_footersrc\Chat\Screen.php:28
actionadmin_headsrc\Help.php:15
filterplugin_row_metasrc\Help.php:17
actioninitsrc\Log\Post.php:13
actionmanage_chat_log_posts_custom_columnsrc\Log\Post.php:14
filtermanage_chat_log_posts_columnssrc\Log\Post.php:16
filtermanage_edit-chat_log_sortable_columnssrc\Log\Post.php:17
actionadmin_initsrc\Utils\Settings.php:265
actionadmin_menusrc\Utils\Settings.php:268
actionadmin_enqueue_scriptssrc\Utils\Settings.php:328
Maintenance & Trust

Alpaca Bot Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedJul 6, 2024
PHP min version8.1
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

Alpaca Bot Alternatives

Petabot

Petabot

petabot

A
100

Petabot: An AI chatbot plugin for WordPress to boost support, engage users, and enhance your site with natural conversations.

0 No CVEs
AI Engine – The Chatbot, AI Framework & MCP for WordPress

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

B
76

AI meets WordPress. Your site can now chat, write poetry, solve problems, and maybe make you coffee.

100K 22 CVEs
Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

button-contact-vr

A
98

Powerful platform with Live Chat, AI Chatbots, and Real-Time Visitor Monitoring! Also, create Call, Email, SMS, & Contact buttons to increase conv &hellip;

60K 3 CVEs
Smartsupp – live chat, AI shopping assistant and chatbots

Smartsupp – live chat, AI shopping assistant and chatbots

smartsupp-live-chat

A
98

Boost your sales and turn visitors into customers with live chat, AI tools and chatbots. Smartsupp is trusted by 100,000+ online stores.

20K 2 CVEs
Echo Knowledge Base – Documentation, FAQs, Chat & Smart Search

Echo Knowledge Base – Documentation, FAQs, Chat & Smart Search

echo-knowledge-base

A
98

A fully featured, easy-to-use documentation plugin with AI chat and search integration. Build beautiful knowledge bases, FAQs, docs, and wikis.

10K 1 CVE
Developer Profile

Alpaca Bot Developer Profile

carmelosantana

2 plugins · 50 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Alpaca Bot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/alpaca-bot/assets/img/icon-80.png/wp-content/plugins/alpaca-bot/assets/js/htmx.min.js/wp-content/plugins/alpaca-bot/assets/js/multi-swap.js/wp-content/plugins/alpaca-bot/assets/js/prism.min.js/wp-content/plugins/alpaca-bot/assets/js/alpaca-bot.js/wp-content/plugins/alpaca-bot/assets/css/alpaca-bot.css/wp-content/plugins/alpaca-bot/assets/css/hint.min.css/wp-content/plugins/alpaca-bot/assets/css/materialsymbolsoutlined.css+1 more
Version Parameters
alpaca-bot/assets/js/alpaca-bot.js?ver=alpaca-bot/assets/css/alpaca-bot.css?ver=alpaca-bot/assets/css/hint.min.css?ver=alpaca-bot/assets/css/materialsymbolsoutlined.css?ver=alpaca-bot/assets/js/htmx.min.js?ver=alpaca-bot/assets/js/multi-swap.js?ver=alpaca-bot/assets/js/prism.min.js?ver=alpaca-bot/assets/css/prism-default.min.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-alpaca-bot
JS Globals
alpacaBot
REST Endpoints
/wp-json/alpaca-bot/v1/chat/wp-json/alpaca-bot/v1/generate/wp-json/alpaca-bot/v1/regenerate/wp-json/alpaca-bot/v1/tags/wp-json/alpaca-bot/v1/options
FAQ

Frequently Asked Questions about Alpaca Bot