Two plugin ideas

I’m currently working on two different WordPress plugin ideas, so I’m going to record them here … the theory being that if I do that I’m more likely to make substantial progress on them.

Idea 1: a plugin to detect over-permissioned user accounts. A very common security risk in WordPress is having lots of admin (or otherwise highly permissioned) accounts lying around when those accounts never take any actions that would require the capabilities of an administrator. I’d like to make a plugin that detects this state of affairs based on real user behaviors and adds an indicator to user views (list, detail page) when a user has an inappropriate role.
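A sketch of the comparison at the heart of Idea 1, added here as an illustration and not code from the plugin described in this post. It assumes activity has already been recorded as a per-user list of exercised capabilities; the function names, the abbreviated role map and the sample data are all constructed for the example.

```php
<?php
// Abbreviated subset of WordPress's default role capabilities, ordered from
// least to most privileged (assumption: a real plugin would read the live roles).
const ROLE_CAPS = [
    'subscriber'    => ['read'],
    'contributor'   => ['read', 'edit_posts', 'delete_posts'],
    'author'        => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files'],
    'editor'        => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files',
                        'edit_others_posts', 'edit_pages', 'moderate_comments', 'manage_categories'],
    'administrator' => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files',
                        'edit_others_posts', 'edit_pages', 'moderate_comments', 'manage_categories',
                        'manage_options', 'activate_plugins', 'install_plugins', 'edit_users'],
];

/** Return the least-privileged role whose capabilities cover everything in $used. */
function minimal_role(array $used): ?string
{
    foreach (ROLE_CAPS as $role => $caps) {
        if (array_diff($used, $caps) === []) {
            return $role;
        }
    }
    return null; // a capability outside the map (custom role or plugin capability)
}

/** Flag users whose assigned role ranks above the role their observed activity needs. */
function find_over_permissioned(array $assigned, array $activity): array
{
    $rank = array_flip(array_keys(ROLE_CAPS)); // role name => privilege rank
    $findings = [];
    foreach ($assigned as $user => $role) {
        $needed = minimal_role(array_unique($activity[$user] ?? []));
        if ($needed === null || !isset($rank[$role])) {
            continue; // unknown capability or custom role: cannot judge, do not flag
        }
        if ($rank[$needed] < $rank[$role]) {
            $findings[$user] = ['assigned' => $role, 'sufficient' => $needed];
        }
    }
    return $findings;
}

// Constructed sample data: assigned roles and capabilities exercised in the review window.
$assigned = ['alice' => 'administrator', 'bob' => 'administrator',
             'carol' => 'editor', 'dave' => 'administrator'];
$activity = [
    'alice' => ['edit_posts', 'publish_posts', 'upload_files'],
    'bob'   => ['edit_posts', 'activate_plugins'],
    'carol' => ['edit_others_posts', 'moderate_comments'],
]; // dave has no recorded activity in the window
print_r(find_over_permissioned($assigned, $activity));
```

A user with no recorded activity resolves to the lowest role, so the length of the observation window decides how many dormant admin accounts get flagged.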

Idea 2: A profiler for REST API endpoints a la Query Monitor or Debug Bar.  I’ve been kicking this idea around for some time now, but need to settle on an approach.  One idea might be to just extend Query Monitor in some way, though starting from scratch has a certain appeal too.  The obvious challenge is that of course results can’t be rendered on a webpage as in those other tools but must instead be returned from the testing request itself.