Clawpify
Warn
Audited by ClawScan on May 10, 2026.
Overview
Clawpify looks purpose-aligned for Shopify administration, but it gives an agent very broad store-wide read/write and bulk-operation power through an unspecified GraphQL tool.
Install only if you control the Shopify store and trust the external shopify_graphql tool. Start with read-only or least-privilege scopes, review every generated GraphQL query, and require explicit confirmation for all mutations, deletions, customer notifications, public-content changes, and bulk exports/imports.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the connected Shopify tool has write scopes, the agent could alter business data, pricing, inventory, orders, customers, or public store content.
The skill is designed around very broad Shopify Admin API authority rather than a narrowly scoped workflow, so any underlying tool call can affect many sensitive store resources.
Use for products, orders, customers, inventory, discounts, and all Shopify data operations.
Use least-privilege Shopify API scopes, prefer read-only access by default, and require explicit confirmation before every mutation, delete, bulk operation, customer notification, or public-content change.
A mistaken bulk query or mutation could expose large customer/order datasets or make widespread changes across the store before the user notices.
Bulk operations can export or mutate large sets of store records asynchronously; the provided bulk-operation reference does not pair those bulk mutations with a clear preview, confirmation, rollback, or containment protocol.
Run large queries and mutations asynchronously via the GraphQL Admin API.
Require a dry run or sample query first, show the exact record count and mutation input, obtain explicit approval, and keep backups or rollback plans for bulk changes.
The skill’s safety depends heavily on which Shopify store and API scopes the external tool is configured to use.
The registry metadata does not declare a Shopify credential, while the skill depends on Shopify Admin API access through an external shopify_graphql tool; the actual account and scope boundaries are therefore outside the declared skill contract.
Required env vars: none ... Primary credential: none
Verify the underlying MCP/custom function, restrict it to the intended store, and grant only the scopes needed for the task.
Customer personal information could be displayed in chat, stored in conversation history, or included in downstream summaries if the user asks broad queries.
The skill documents queries that retrieve customer contact details and addresses, which are sensitive data that may enter the agent context or outputs.
defaultEmailAddress { emailAddress } ... defaultPhoneNumber { phoneNumber } ... addresses { address1 ... zip }
Request only the fields needed, avoid unnecessary customer exports, redact sensitive data in outputs, and do not use this skill in untrusted/shared conversations.
A misconfigured or untrusted external tool could send requests to the wrong store, use broader credentials than expected, or log sensitive Shopify data.
The actual executable tool that sends GraphQL requests is not included or pinned in the artifact set, so its provenance and runtime safeguards cannot be reviewed here.
Tool: shopify_graphql (from MCP server or custom function)
Review and trust the MCP/custom function separately before enabling this skill with real Shopify credentials.
