Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopify AI Toolkit

v1.1.0

Search Shopify developer docs and validate GraphQL, Liquid, Hydrogen, and other Shopify code for app, theme, or storefront development tasks.

by John Chan (@jtcchan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases · Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the repository contents: many sub-skill scripts implement search_docs and validate workflows for Admin, Storefront, Liquid, Hydrogen, Functions, etc. The large validate/search scripts align with the stated purpose of searching docs and validating code.
Instruction Scope (flagged)
The included scripts perform two external actions: (1) POST to https://shopify.dev/assistant/search to fetch doc results, and (2) POST telemetry to /mcp/usage on the SHOPIFY_DEV_BASE_URL. The telemetry call (reportValidation) transmits 'remainingContext' (which in search includes the user query) and the validation/search result. The validate scripts accept --code / other inputs; those inputs appear to flow into the same reporting mechanism, so user-submitted code or queries can be sent to an external endpoint. The SKILL.md and README show an opt-out (OPT_OUT_INSTRUMENTATION) but the skill's metadata lists the two instrumentation env names under requires.env (inconsistent with README's 'optional' wording).
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded during install — lowest-risk install model. The package contains many JS files (some bundled deps embedded in validate.mjs) and an install-deps.sh and package.json recommending npm install for Liquid validation. No remote archive downloads or URL shorteners are present in install steps. Build/dependency material is self-contained or resolved via normal npm if the user chooses to run npm install.
Credentials (flagged)
The skill does not request any secrets/credentials for Shopify APIs, which is appropriate. However: (a) SKILL.md metadata lists SHOPIFY_DEV_INSTRUMENTATION_URL and OPT_OUT_INSTRUMENTATION under requires.env whereas the README and scripts treat them as optional configuration. (b) The telemetry/reporting functionality will send user queries and validation/search results (and likely any '--code' payloads passed into validators) to the SHOPIFY_DEV_BASE_URL unless OPT_OUT_INSTRUMENTATION is set — this is disproportionate if the user expects offline/local validation or if they will pass private store data, tokens, or proprietary code to the validator.
Persistence & Privilege
The skill does not request always:true, does not require persistent system modifications, and does not modify other skills or system-wide agent settings. It runs as a normal user-invoked (or autonomously-invokable) skill, which is the platform default.
What to consider before installing
This skill is functionally coherent with its description, but it includes telemetry that will send your search queries and validation results (and likely any code you pass to the validators) to a Shopify endpoint by default. Before installing or using it:
- If you do not want telemetry, set OPT_OUT_INSTRUMENTATION=true in the environment (the scripts honor this). Consider also overriding SHOPIFY_DEV_INSTRUMENTATION_URL only if you control the receiver.
- Do not submit private credentials, secrets, or proprietary store code to the skill unless you are comfortable that data will be sent to shopify.dev.
- Be aware of a metadata inconsistency: SKILL.md declares the instrumentation vars under requires.env (suggesting they are required), but the README and scripts treat them as optional. Confirm the desired behavior.
- If you need stronger guarantees, inspect or remove the reportValidation calls in the scripts (they are easy to find: instrumentation.ts → reportValidation) or run the scripts in an isolated environment (air-gapped or with telemetry disabled) after reviewing the code.
I mark this as 'suspicious' (medium confidence) because the telemetry behavior is explicit in the scripts and could leak user-supplied code, and because the skill's metadata/documentation about the env vars is inconsistent. If you can confirm you will always opt out of instrumentation (or host the telemetry receiver yourself) and you review the validate scripts to ensure no other unexpected exfiltration exists, the remaining concerns are largely mitigable.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Environment variable access combined with network send (32 locations):
  scripts/customer_search_docs.mjs:9
  scripts/customer_validate.mjs:1750
  scripts/functions_search_docs.mjs:9
  scripts/functions_validate.mjs:1750
  scripts/hydrogen_search_docs.mjs:9
  scripts/hydrogen_validate.mjs:1589
  scripts/liquid_search_docs.mjs:9
  scripts/liquid_validate.mjs:23
  scripts/partners_search_docs.mjs:9
  scripts/partners_validate.mjs:1750
  scripts/payments_search_docs.mjs:9
  scripts/payments_validate.mjs:1750
  scripts/search_docs.mjs:9
  scripts/storefront_search_docs.mjs:9
  scripts/storefront_validate.mjs:1750
  scripts/validate.mjs:1750
  skills/shopify-admin/scripts/search_docs.mjs:9
  skills/shopify-admin/scripts/validate.mjs:1750
  skills/shopify-customer/scripts/customer_search_docs.mjs:9
  skills/shopify-customer/scripts/customer_validate.mjs:1750
  skills/shopify-functions/scripts/functions_search_docs.mjs:9
  skills/shopify-functions/scripts/functions_validate.mjs:1750
  skills/shopify-hydrogen/scripts/hydrogen_search_docs.mjs:9
  skills/shopify-hydrogen/scripts/hydrogen_validate.mjs:1589
  skills/shopify-liquid/scripts/liquid_search_docs.mjs:9
  skills/shopify-liquid/scripts/liquid_validate.mjs:23
  skills/shopify-partner/scripts/partners_search_docs.mjs:9
  skills/shopify-partner/scripts/partners_validate.mjs:1750
  skills/shopify-payments-apps/scripts/payments_search_docs.mjs:9
  skills/shopify-payments-apps/scripts/payments_validate.mjs:1750
  skills/shopify-storefront-graphql/scripts/storefront_search_docs.mjs:9
  skills/shopify-storefront-graphql/scripts/storefront_validate.mjs:1750

! File read combined with network send (possible exfiltration) (16 locations, flagged):
  scripts/customer_validate.mjs:17312
  scripts/functions_validate.mjs:17312
  scripts/hydrogen_validate.mjs:6
  scripts/liquid_validate.mjs:7
  scripts/partners_validate.mjs:17312
  scripts/payments_validate.mjs:17312
  scripts/storefront_validate.mjs:17312
  scripts/validate.mjs:17312
  skills/shopify-admin/scripts/validate.mjs:17312
  skills/shopify-customer/scripts/customer_validate.mjs:17312
  skills/shopify-functions/scripts/functions_validate.mjs:17312
  skills/shopify-hydrogen/scripts/hydrogen_validate.mjs:6
  skills/shopify-liquid/scripts/liquid_validate.mjs:7
  skills/shopify-partner/scripts/partners_validate.mjs:17312
  skills/shopify-payments-apps/scripts/payments_validate.mjs:17312
  skills/shopify-storefront-graphql/scripts/storefront_validate.mjs:17312


latest: vk9763xg0r2jb6bzcn0a6nbq3zh84xgpv
