Back to skill

Security audit

Shopify Manager Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Shopify administration tool that can change store data, but its behavior matches its stated purpose.

Install only if you want an agent to manage a Shopify store. Use a dedicated least-privilege Admin API token, keep it in environment variables or a secret manager, verify SHOPIFY_STORE_URL points to your intended Shopify store, review uploads before providing file paths, and confirm delete requests carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation instructs users to provide a Shopify Admin API token with broad write scopes, but does not warn that this credential grants powerful access to store content and should be handled as a secret. In practice, this can lead to unsafe sharing, logging, or misuse of high-privilege credentials by users or downstream tooling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly tells the agent to pass local file paths as-is for upload, but does not warn that the referenced file contents will be read from disk and transmitted to Shopify. This omission raises the chance of accidental exfiltration of sensitive local files if a user provides the wrong path or misunderstands the behavior.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The product delete command performs an irreversible destructive action immediately with no confirmation, dry-run, or safety guard. In an agent or scripted context, a mistaken parameter, prompt injection elsewhere, or operator error could silently delete store products and cause integrity and availability loss.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The metaobject delete command executes immediately without any user confirmation or secondary safety check. This increases the chance of accidental or unauthorized destructive changes when the tool is used by agents or in automation, potentially removing business-critical content structures.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The article delete command deletes content with no confirmation prompt or explicit safeguard. In an automated agent setting, this makes content loss from prompt mistakes, argument mix-ups, or unintended invocation materially more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.