Temodar Agent is a Dockerized security analysis platform focused on WordPress plugins and themes. It is designed for security researchers, product security teams, auditors, and defenders who need to triage, scan, and investigate the security of WordPress components. The tool integrates AI agent workflows, Semgrep-powered static analysis, and risk-based reconnaissance to streamline code review and vulnerability assessment processes.
The platform provides a dashboard that allows users to launch scans, prioritize targets, and review results in a single interface. Key capabilities include scanning WordPress plugins and themes, risk-based target prioritization, and persistent local storage for results and historical review. Temodar Agent enables source-aware AI investigation by opening dedicated AI threads for each plugin or theme, maintaining investigation context such as conversation summaries, analysis findings, architecture notes, and important files. It supports multiple AI execution strategies, including agent team tasks, fanout, and auto modes, allowing teams to move from single-agent to multi-agent workflows within the same environment. The system also offers advanced AI run control features, such as custom agent and task payloads, fanout configuration, loop detection, trace and runtime event streaming, manual and auto-approve modes, and structured output when using defined schemas.
A multi-provider AI configuration system is built into Temodar Agent, supporting providers like Anthropic, OpenAI, Copilot, Gemini, and Grok. Users can save multiple provider profiles, switch active providers, select models per profile, store model lists, test provider connections, set custom base URLs, and manage API keys securely within the UI.
For static application security testing, Temodar Agent incorporates Semgrep analysis workflows with built-in rulesets covering OWASP Top 10, PHP security, and security audit. Users can create, delete, enable, or disable custom Semgrep rules, manage rulesets, validate rule documents, and perform bulk scanning. The platform also assists in WordPress security triage by scanning plugins or themes from public sources, filtering by install counts and update windows, identifying abandoned or user-facing targets, and assigning risk labels for efficient prioritization. All scan sessions and progress are stored and streamed to the dashboard for later comparison and follow-up.
Temodar Agent is delivered as a local-first Docker application, requiring Docker to be installed and running on the user's machine. Installation involves pulling the latest Docker image and running the container with persistent storage.
In the Security & compliance platforms space, xeloxa/temodar-agent takes a focused approach. It automates and streamlines security analysis of WordPress plugins and themes using AI and static analysis. xeloxa/temodar-agent is a B2B product aimed at security researchers and product security teams. The product ships for the web and Linux, and it can be self-hosted.
Behind xeloxa/temodar-agent is xeloxa, and the product first shipped in 2026. The project is developed in the open on GitHub with 58 stars and 18 commits in the last 90 days. Among its 5 catalogued features are security scanning, semgrep analysis, and AI agent workflows.
Latest indexed changes and source events
Other apps tracked under the same category.