ClawHub

Clawpify

Security checks across malware telemetry and agentic risk

Overview

This Shopify admin skill is coherent and not malicious, but it gives broad live-store mutation and data-access guidance with incomplete safeguards for several high-impact operations.

Install only if you trust the operator and will use it with tightly scoped Shopify API credentials. Treat all writes, deletes, bulk operations, customer-data exports, subscription changes, marketing-consent updates, and customer communications as requiring explicit review and confirmation before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill advertises an open-ended catch-all for 'Any other Shopify store operations,' which can cause the agent to over-apply the skill beyond narrowly intended tasks. In this context, the tool can perform sensitive administrative actions against a live Shopify store, so broad routing increases the chance of unauthorized or insufficiently reviewed destructive operations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes a blog deletion mutation with no warning about irreversible content removal, confirmation requirements, or operational safeguards. In a skill meant to manage Shopify content, this can normalize unsafe destructive actions and increase the likelihood that an agent or user triggers permanent deletion of production data without adequate review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The article deletion example documents a destructive mutation without warning about permanent data loss, recovery limitations, or the need for user confirmation. Because this skill is designed for live Shopify store administration, omission of safety guidance makes accidental or automated deletion of published content more plausible and operationally harmful.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly provides bulk export examples for orders and customers, including customer display names, email addresses, order history, and spending data, but does not warn about privacy, data minimization, access control, retention, or secure handling of exported files. In a Shopify admin skill, this is meaningful because bulk operations produce downloadable datasets at scale, making accidental over-collection or mishandling of sensitive business and personal data more likely.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This reference file provides ready-made queries and mutations for retrieving and modifying customer personal data, including email addresses, phone numbers, physical addresses, tags, and order history, without any accompanying privacy, authorization, or least-privilege guidance. In an agent skill context, that omission can normalize broad access to PII and make it easier for downstream agents or users to perform unnecessary or overbroad customer-data operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guidance includes explicit confirmation requirements for completing and deleting draft orders, but the invoice-sending mutation lacks a comparable warning despite triggering an outbound customer communication. An agent following this skill could send invoices to the wrong recipient or send premature/unauthorized payment requests, causing customer confusion, reputational damage, and possible disclosure of invoice links without an approval checkpoint.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill’s own “Dangerous Operations” section says `fulfillmentOrderReleaseHold` requires explicit user permission, but the operation-specific section omits any confirmation requirement. In an agentic context, that inconsistency can cause the model to execute a state-changing action without user approval, resuming order processing and potentially triggering unintended shipments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
`fulfillmentOrderMove` changes the assigned fulfillment location and can alter inventory allocation, routing, timing, and downstream fulfillment workflow, yet the section lacks any warning or confirmation protocol. In a Shopify admin skill, this makes unauthorized or mistaken location changes more likely, with operational and customer-impacting consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes `giftCardSendNotificationToCustomer` and `giftCardSendNotificationToRecipient` without the same explicit permission and warning flow used for balance-changing or irreversible actions. While these operations do not directly move funds, they can contact customers or recipients unexpectedly, causing spam, privacy issues, confusion, or social-engineering opportunities if triggered without clear user confirmation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document includes a destructive mutation for deleting external marketing activities without any caution about permanence, authorization, or operator confirmation. In an agent skill context, this can normalize unsafe execution and increase the chance that an automated workflow deletes campaign records or integrations without human review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents bulk deletion of marketing engagements by channelHandle with no warning about scope, irreversibility, or downstream reporting impact. Because this is a bulk operation, an agent or user could erase large sets of attribution and performance data, harming analytics, auditing, and campaign measurement.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows how to update email and SMS marketing consent states to SUBSCRIBED without any privacy, legal, or consent-validation warning. In this context, the skill directly touches regulated customer preference data, so omission of compliance guardrails could enable unauthorized opt-ins, unlawful messaging, and privacy violations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation provides a direct menu deletion mutation but does not instruct callers to require explicit user confirmation, verify the target menu, or warn about irreversible navigation changes. In an agent context, this increases the chance of accidental destructive actions that can break storefront navigation and disrupt customer access to key pages.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The update example shows menuUpdate without prominently warning that the operation replaces the entire item set, which can cause accidental removal of existing links if callers submit only a partial menu. In a Shopify admin skill, this is particularly risky because agents may interpret 'update' as patch semantics and unintentionally damage live storefront navigation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file documents metafield deletion operations with ready-to-use GraphQL mutations and example variables, but provides no caution that these actions are destructive and may remove production data immediately. In an agent skill meant to manage Shopify stores, omission of guardrails increases the chance that an automated agent or user will perform unsafe deletes without confirmation, scope validation, or recovery planning.

Missing User Warnings

High
Confidence
98% confidence
Finding
The metafield definition deletion example includes the dangerous deleteAllAssociatedMetafields parameter but does not warn that enabling it can cascade into removal of all associated metafield data. In the Shopify admin context, this can cause broad data loss across many resources, making the omission materially riskier than a simple single-record delete example.

Missing User Warnings

High
Confidence
97% confidence
Finding
The metaobject delete and bulk delete sections provide destructive mutations, including multi-object deletion, without any user-facing warning about permanence, blast radius, or operational safeguards. Because this skill is specifically designed for broad Shopify data operations, these examples could be directly reused by an agent to remove structured content in bulk, causing significant business disruption and content loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This documentation exposes pause, activate, cancel, commit, and billing-cycle skip mutations that directly change subscription state and can alter customer billing, but it provides no warning, confirmation guidance, or operational safeguards. In an agent skill context, this increases the risk that an automated workflow invokes destructive actions without explicit user intent, causing unwanted cancellations, skipped charges, or unauthorized contract changes.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill documents access to customer payment method details and the required read_customer_payment_methods scope without any privacy, sensitivity, or handling guidance. Even though only partial card data is shown, this is regulated customer financial information, and agent users may over-collect, expose, or misuse it if the documentation does not emphasize restrictions and secure handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal