Ucp Checkout Mcp

Verdict: Suspicious
Audited by ClawScan on May 13, 2026.

Overview

This is a coherent checkout/MCP implementation guide, but it explicitly enables AI-agent purchase completion without defining clear approval or spending safeguards.

Review this skill carefully before use in any real checkout system. It is not hiding code, but it documents high-impact commerce tools; only install or follow it if you can enforce human confirmation before purchases, protect Shopify credentials, and secure the MCP endpoint and payment data flows.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent or implementation based on this guidance could place orders or trigger charges without clear user confirmation safeguards.

Why it was flagged

The skill describes an AI-callable tool that can finalize purchases using payment data and explicitly frames autonomous purchasing as a use case, without artifact guidance on per-purchase approval or limits.

Skill content
`complete_checkout` | `POST .../complete` | `id + payment_data + idempotency_key`; `You want AI agents to autonomously browse and purchase without REST client code`
Recommendation

Require explicit user confirmation before `complete_checkout`, enforce spending and merchant limits, validate authorization server-side, keep idempotency and audit logs, and document cancellation/refund handling.

What this means

Over-scoped or mishandled client credentials could allow broader checkout or store access than intended.

Why it was flagged

The integration expects delegated provider credentials and access tokens, which is purpose-aligned for Shopify MCP access but carries account authority.

Skill content
Authentication uses `POST https://api.shopify.com/auth/access_token` with client credentials
Recommendation

Use least-privilege Shopify credentials, store tokens securely, avoid exposing secrets in prompts or logs, and declare required credential/config expectations clearly.

What this means

Changed, incorrect, or misidentified documentation could alter tool schemas or behavior in the resulting implementation.

Why it was flagged

The implementation relies on live web-search and fetched documentation rather than pinned bundled specs; official domains are named, so this is purpose-aligned but dynamic.

Skill content
**Fetch live spec**: Web-search `site:ucp.dev specification checkout-mcp` and fetch the page for exact tool definitions
Recommendation

Verify fetched content is from official ucp.dev or shopify.dev URLs, review it before coding, and pin/specify versions where possible.

What this means

Checkout or payment details could be exposed to the wrong agent, server, logs, or provider integration if MCP access controls and logging are not designed carefully.

Why it was flagged

The documented MCP flow can carry checkout and payment data through an AI-agent-callable interface; this is expected for checkout but requires clear data and identity boundaries.

Skill content
`merchant MCP server` that `AI agents (Claude, Gemini, etc.) call via tool use`; `complete_checkout` ... `payment_data`
Recommendation

Require authenticated MCP clients, encrypt transport, minimize payment data exposure, avoid logging sensitive fields, and define which agents or users may call each checkout tool.