ClawHub

Shopify Expert

v1.0.0

Enable Shopify superpowers for OpenClaw. Get a massive boost in knowledge about everything related to Shopify in general and Shopify development.

0· 97·0 current·0 all-time
by@realm1lf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Shopify guidance + references) align with what is included: a snapshot of shopify.dev docs and advice for using the Admin APIs. The single required env var (SHOPIFY_SHOP_DOMAIN) and optional use of curl are coherent with the stated purpose.
Instruction Scope
SKILL.md limits runtime behavior to using bundled references and calling Shopify over HTTPS (curl or similar). It instructs the agent to confirm shop context, API version, and scopes before writes, and explicitly warns not to echo secrets. The instructions do not ask the agent to read unrelated system files or collect data outside Shopify context.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. This is the lowest-risk install model.
Credentials
Only SHOPIFY_SHOP_DOMAIN is required for eligibility, which is proportionate. The docs reference conventional tokens (e.g., SHOPIFY_ADMIN_API_ACCESS_TOKEN) for real API calls — those are not required by the skill but if you supply them and allow curl, the agent can make authenticated calls. Treat providing access tokens or broad network access as a risk decision.
Persistence & Privilege
always is false and the skill does not request any elevated platform privileges or modify other skills/config. Autonomous invocation is allowed by default (normal for skills) but not combined with other concerning flags.
Assessment
This skill is largely a bundled snapshot of Shopify developer docs and guidance — it appears internally coherent. Main things to consider before installing: - Provide only the minimal environment/config the skill needs for eligibility (SHOPIFY_SHOP_DOMAIN). Do not store admin access tokens in plaintext or paste them in chat. Use the platform's secret store for tokens. - If you supply an Admin API access token and allow outbound HTTP (curl), the agent can make authenticated API calls that modify production data. Require human approval or limit scopes when performing write operations. - The bundled docs are a point-in-time snapshot; verify payloads, API versions, and scopes against live shopify.dev for accuracy before relying on examples for production changes. - If you need stricter controls, restrict the agent's network access to only the specific Shopify hosts and require explicit user confirmation for any destructive or bulk operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk9746953k0g3xv5k6bp6f9gaq183kzbj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any bincurl
EnvSHOPIFY_SHOP_DOMAIN

Comments