Shopify mcp

The skill provides a legitimate integration with Shopify's MCP server (catalog.shopify.com) for product and catalog discovery. The included scripts (init-mcporter.sh and invoke.sh) are well-structured and implement secure handling of OAuth tokens by seeding the mcporter vault using environment variables and file locking to prevent race conditions. It follows security best practices, such as passing secrets to jq via environment variables to avoid exposure in process listings, and contains no evidence of data exfiltration or malicious intent.