Shopify MCP
Rating: Warn. Audited by ClawScan on May 14, 2026.
Overview
Review before installing: this skill asks for broad Shopify admin credentials and runs an external MCP server that can change orders, customers, inventory, and fulfillments.
Install only if you trust and have reviewed the external shopify-mcp repository. Use the narrowest Shopify API scopes possible, keep tokens out of source control, pin the dependency source, and require explicit human confirmation before canceling orders, fulfilling orders, updating customer records, or changing inventory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unconfirmed high-impact write actions
Impact: A mistaken or ambiguous agent action could cancel or fulfill orders, alter customer records, or change inventory levels.
Details: The skill exposes tools that can directly mutate Shopify business data, but the artifact does not describe confirmation, approval, limits, or rollback handling for these high-impact actions.
Evidence: `shopify_update_order`, `shopify_cancel_order`, `shopify_fulfill_order`, `shopify_update_customer`, `shopify_update_inventory`
Recommendation: Use this only with explicit human confirmation for every write action, test on a non-production store first, and restrict or disable mutating tools if they are not needed.
Finding 2: Broadly scoped static Admin token
Impact: If the token is mishandled or the MCP server is misused, it could expose customer/order data or allow unauthorized store changes.
Details: The setup requires a static Shopify Admin token with broad read/write scopes over orders, customers, inventory, and fulfillments.
Evidence: enable: `read_orders`, `write_orders`, `read_customers`, `write_customers`, `read_products`, `read_inventory`, `write_inventory`, `read_fulfillments`, `write_fulfillments` ... `SHOPIFY_ACCESS_TOKEN=shpat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
Recommendation: Create a least-privilege Shopify custom app, grant only the scopes you actually need, rotate tokens regularly, and avoid sharing or committing the .env file.
Finding 3: Unpinned external server and dependencies
Impact: The unreviewed external server and its dependencies would receive the Shopify Admin token and could perform store actions.
Details: The skill package contains only instructions, yet asks the user to install dependencies and run an external MCP server without a pinned commit, reviewed code, or dependency lock information in the provided artifacts.
Evidence: `git clone https://github.com/dzunglaviet/shopify-mcp` ... `venv/bin/pip install -r requirements.txt` ... `args": ["server.py"]`
Recommendation: Review the repository and requirements before use, pin to a trusted commit, install in an isolated environment, and monitor token use in Shopify.
Finding 4: Sensitive customer and order data in agent context
Impact: Customer information and order details may be exposed in agent context, logs, or chat transcripts depending on the host environment.
Details: The MCP bridge can bring Shopify customer and order data into the agent workflow, which is expected for the purpose but sensitive.
Evidence: Powered by `shopify-mcp`, a Python MCP server connecting to the Shopify Admin REST API ... **Customers** — `shopify_list_customers`, `shopify_get_customer`, `shopify_update_customer`
Recommendation: Avoid requesting unnecessary customer data, limit who can invoke the skill, and confirm how your agent environment stores MCP outputs and chat history.
