Security audit

Shopify Product Uploader

Security checks across malware telemetry and agentic risk

Overview

This Shopify skill does what it claims, but it asks users to paste and persist a powerful Shopify Admin API token that can change store products, inventory, and collections.

Review this carefully before installing. Use the narrowest Shopify scopes possible, prefer a secrets vault or environment variable over pasting the Admin API token into chat, set uploads to draft by default, confirm every bulk or destructive action, and rotate or revoke the token when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly instructs users to paste a live Shopify Admin API token into bot chat and says it will be stored for future use. An admin token with product, inventory, and collection write scopes is highly sensitive; exposing it through conversational interfaces increases the risk of unauthorized store modification and of token leakage through logs, memory, transcripts, or downstream integrations.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad and explicitly allow activation on 'similar' wording for a skill that can create, update, archive, and delete Shopify products. In an agent setting, this raises the risk of unintended invocation from ambiguous user requests, leading to unauthorized or accidental storefront modifications before the user realizes the commerce workflow has started.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The destructive triggers ('take down', 'archive', 'unpublish') are short, common phrases that could appear in ordinary conversation, making accidental activation more likely. Although later workflow steps mention confirmation, vague invocation still increases the chance that the agent enters a destructive path and acts on the wrong product or user intent, especially in multi-turn conversations.

Ssd 3

High
Confidence
99% confidence
Finding
This setup instructs users to submit a live admin credential in plain chat and states that the bot will retain it for future use, which materially increases exposure. In the context of a commerce admin integration, this is especially dangerous because compromise of the token enables persistent unauthorized product, inventory, and collection operations against the store.

VirusTotal

66/66 vendors flagged this skill as clean.
