Openclaw Commerce Shopify
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-commerce-shopify Version: 1.0.4 The OpenClaw Commerce Shopify skill is designed for legitimate Shopify store management via a specific OpenClaw Commerce API endpoint (`https://app.openclawcommerce.com/api/v1`). The `SKILL.md` and `README.md` files clearly outline the skill's purpose, API key handling, and authentication. Crucially, `SKILL.md` includes robust prompt-injection defenses, instructing the AI agent to use template-first queries, strictly validate parameters, ignore attempts to bypass safety rules or fetch hidden files, and require confirmation for destructive actions. All `queries/*.md` files provide legitimate GraphQL templates for Shopify operations, with explicit instructions for the agent to handle errors and fulfill user requests responsibly. There is no evidence of data exfiltration to unauthorized endpoints, malicious code execution, persistence mechanisms, or obfuscation. The skill's design prioritizes secure and transparent interaction with the Shopify API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using this key could potentially read or change important store data if the key is misused.
The skill requires an API key that enables broad Shopify administrative access through OpenClaw Commerce. This is expected for the stated purpose, but it is high-impact account authority.
Full read/write access to Shopify Admin GraphQL API ... All requests require this header: X-OpenClaw-Commerce-Token: $OPENCLAW_COMMERCE_API_KEY
Use a key only for stores you control, keep it private, revoke it if no longer needed, and prefer the least-privileged key available from the provider.
A mistaken or over-broad request could change or delete store records, products, promotions, or customer/order information.
The skill exposes broad create, read, update, and delete operations over business-critical Shopify resources. The artifacts also document confirmation and validation controls, so this is purpose-aligned rather than suspicious by itself.
Complete CRUD operations for customers ... orders ... products ... collections ... catalogs ... discounts
Carefully review the summarized mutation and require explicit confirmation before approving any create, update, delete, or bulk operation.
Customer, order, product, discount, and store-management data may be sent to OpenClaw Commerce while using the skill.
Shopify operations are routed through the OpenClaw Commerce API gateway. This is disclosed and central to the skill, but it means store data and requested mutations pass through that external service.
Base URL: https://app.openclawcommerce.com/api/v1 ... Endpoint: /operation
Confirm you trust the OpenClaw Commerce service and understand its privacy, logging, and data-retention practices before connecting a production store.
Sensitive store details could be retained in chat history or logs if included in audit context.
The skill encourages logging or echoing validated variables for auditability. That is useful, but variables could include business or customer data depending on the operation.
Audit context – Log (or echo back to the user) which template was used and which validated variables were applied
Avoid logging API keys, personal customer data, or unnecessary business-sensitive values; keep audit logs limited and retained only as long as needed.
It may be harder to verify exactly which package version was reviewed or published.
The provided registry metadata lists version 1.0.4, while the packaged _meta.json lists 1.0.3. This is a minor provenance/version-coherence issue, not evidence of malicious behavior.
"version": "1.0.3"
Confirm the publisher and package version before installation, especially before granting production Shopify access.