Shopify
ReviewAudited by ClawScan on May 7, 2026.
Overview
This is a disclosed Shopify management skill that uses ClawLink OAuth and can affect store data, but its sensitive behavior is purpose-aligned and includes confirmation guidance for writes.
Install this only if you trust ClawLink and intend to let OpenClaw help administer your Shopify store. During setup, approve only the store and scopes you need, do not paste raw credentials into chat, and require careful review before any write, refund, cancellation, bulk edit, or publishing action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved actions could modify Shopify products, inventory, orders, refunds, or storefront content.
The skill allows the agent to execute dynamically discovered Shopify tools, including write operations, but it explicitly requires preview and user confirmation for writes.
For writes or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user. Execute with `clawlink_call_tool`.
Review each preview carefully before approving writes, especially refunds, cancellations, publishing, bulk edits, inventory changes, and gift card or discount changes.
The connected integration may be able to read or change Shopify store data within the scopes the user approves.
The skill relies on delegated Shopify account authorization through ClawLink, which is expected for the stated purpose but grants account-level access based on approved scopes.
The user follows the Shopify login, app install, and authorization flow shown there.
Use least-privilege Shopify permissions where possible, connect only the intended store, and revoke the ClawLink/Shopify app connection when no longer needed.
The security of the integration depends partly on the external ClawLink plugin and service.
The skill depends on a separately installed ClawLink plugin that is not included in the provided artifact set. The install is disclosed and user-directed, but its code is outside this review.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the trusted ClawHub source and review ClawLink verification, documentation, and source links before granting Shopify access.
Shopify operational data and authorization flows may pass through ClawLink as part of tool execution.
Shopify access is mediated through a third-party integration hub. This is disclosed and purpose-aligned, but it creates an external data and credential boundary users should understand.
Powered by ClawLink ... an integration hub for OpenClaw that handles hosted connection flows and credentials
Review ClawLink’s privacy, security, and authorization model before connecting stores that contain sensitive customer, order, or business data.