ClawHub

Clawpify

v0.1.0

Query and manage Shopify stores via GraphQL Admin API. Use for products, orders, customers, inventory, discounts, and all Shopify data operations.

6· 2.3k·3 current·3 all-time
by@alhwyn

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alhwyn/clawpify.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Clawpify" (alhwyn/clawpify) from ClawHub.
Skill page: https://clawhub.ai/alhwyn/clawpify
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawpify

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawpify
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim full Shopify Admin GraphQL capabilities, but the skill declares no required credentials, no primaryEnv, and no config paths — yet interacting with the Shopify Admin API requires a shop domain and an admin API access token (or equivalent OAuth credentials). The dependency on a 'shopify_graphql' tool is the only mechanism shown to reach Shopify, but its provenance is unspecified. This mismatch between claimed capability and declared required secrets is inconsistent and unexplained.
Instruction Scope
SKILL.md stays within the Shopify GraphQL domain: it provides queries/mutations, error-checking, pagination guidance, and explicit permission rules for destructive operations. It does not instruct reading arbitrary local files or unrelated environment state. However, it does not explain how credentials are supplied to the 'shopify_graphql' tool or how the tool handles requests/responses, which leaves an operational gap that affects security/privacy.
Install Mechanism
There is no install spec and no code files (instruction-only), which is low-risk in isolation. The notable item is the dependency listed: 'Tool: shopify_graphql (from MCP server or custom function)'. That indicates the skill expects either a remote managed component (MCP server) or a locally provided function; the remote option could route store data through an external server. The SKILL.md does not clarify whether traffic stays within the user's environment or is proxied via a third-party.
!
Credentials
No environment variables or credentials are declared, despite the skill requiring access to sensitive store data (products, orders, customers, inventory, refunds, bulk exports). This is disproportionate: at minimum the store domain and an admin API token (or OAuth client/secret) are needed. The absence of declared secrets and the vague external tool both raise the possibility that credentials would be requested or routed at runtime in an ad-hoc way, increasing the risk of credential leakage.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not declare writes to agent/system configuration. Autonomous invocation is allowed (platform default). There is no explicit mechanism in the SKILL.md to persist credentials or modify other skills' settings.
What to consider before installing
This skill appears to be a comprehensive Shopify GraphQL reference and lists many powerful operations (including bulk exports, refunds, inventory adjustments, discount activation, and deletes). Before installing or enabling it, verify these points: 1) Where does the 'shopify_graphql' tool actually run? If it uses an MCP (managed) server, who operates that server and will your shop data (queries/responses) route through it? 2) How will credentials be provided and stored? The SKILL.md does not declare required env vars (e.g., SHOPIFY_STORE_DOMAIN, SHOPIFY_ADMIN_API_TOKEN) — insist on a clear mechanism that keeps credentials local or in a vetted secret store. 3) Confirm explicit confirmation UX for destructive operations (the skill documents permission checks, but you should verify the agent enforces them). 4) Because the references include bulk-export queries and customer data fields, avoid granting broad read/export scopes until you trust the tool’s operator and storage/retention policy. If the provider cannot answer how the shopify_graphql endpoint is hosted and how credentials are handled, treat the skill as high risk and do not install it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97126rr7bphjsjhwth3j6n5nx80qbdf
2.3kdownloads
6stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@alhwyn
latest
Download

Shopify GraphQL Admin API

A comprehensive skill for interacting with Shopify's GraphQL Admin API. This skill enables Claude to query and manage all aspects of Shopify store data.

When to Use This Skill

Use this skill when the user asks about:

  • Products (list, search, create, update, delete)
  • Orders (view, cancel, fulfill)
  • Customers (list, create, update)
  • Inventory (check levels, adjust quantities)
  • Discounts (create codes, manage promotions)
  • Any other Shopify store operations

Critical Operations Requiring Permission

IMPORTANT: Before executing any of the following operations, you MUST ask for explicit user permission:

  • Refunds: Create refunds (permanent financial transactions)
  • Order Cancellations: Cancel orders (may trigger refunds)
  • Gift Card Deactivation: Permanently disable gift cards
  • Inventory Adjustments: Modify stock levels
  • Product Deletions: Permanently remove products
  • Discount Activations: Change pricing for customers

Always show what will be changed and wait for user confirmation.

How to Use

  1. Use the shopify_graphql tool to execute queries
  2. Check for errors (GraphQL issues) and userErrors (validation issues)
  3. Use pagination with first/after for large result sets
  4. Format all IDs as: gid://shopify/Resource/123

Available References

For detailed patterns and examples, refer to the reference documents:

  • products.md - Products and variants management
  • orders.md - Order operations
  • customers.md - Customer management
  • inventory.md - Inventory and locations
  • discounts.md - Discount codes and promotions
  • collections.md - Product collections
  • fulfillments.md - Order fulfillment and shipping
  • refunds.md - Process refunds
  • draft-orders.md - Draft order creation
  • gift-cards.md - Gift card management
  • webhooks.md - Event subscriptions
  • locations.md - Store locations
  • marketing.md - Marketing activities
  • markets.md - Multi-market setup
  • menus.md - Navigation menus
  • metafields.md - Custom data fields
  • pages.md - Store pages
  • blogs.md - Blog management
  • files.md - File uploads
  • shipping.md - Shipping configuration
  • shop.md - Store information
  • subscriptions.md - Subscription management
  • translations.md - Content translations
  • segments.md - Customer segments
  • bulk-operations.md - Bulk data operations

Quick Examples

List Recent Orders

query {
  orders(first: 10, sortKey: CREATED_AT, reverse: true) {
    nodes {
      id
      name
      totalPriceSet {
        shopMoney { amount currencyCode }
      }
      customer { displayName }
    }
  }
}

Search Products

query {
  products(first: 10, query: "title:*shirt* AND status:ACTIVE") {
    nodes {
      id
      title
      status
    }
  }
}

Check Inventory

query GetInventory($id: ID!) {
  inventoryItem(id: $id) {
    id
    inventoryLevels(first: 5) {
      nodes {
        quantities(names: ["available"]) {
          name
          quantity
        }
        location { name }
      }
    }
  }
}

Error Handling

Always check responses:

  • errors array = GraphQL syntax issues
  • userErrors in mutations = validation problems

Best Practices

  1. Request only needed fields to optimize response size
  2. Use pagination for lists that may grow
  3. Check userErrors in all mutation responses
  4. Ask permission before dangerous operations
  5. Format results clearly for the user
  6. Use bulk operations for large data exports/imports
  7. Handle rate limits with exponential backoff

Comments

Loading comments...