Shopify Admin

Security checks across malware telemetry and agentic risk

Overview

This is a real Shopify admin helper, but it needs Review because it can delete live store products without safeguards and its docs suggest bypassing Shopify PII masking with webhooks.

Install only after reviewing the script and limiting the Shopify token to the exact scopes needed. Prefer read-only scopes unless writes are required, remove or ignore the PII-before-masking webhook workaround, and require explicit human approval before any delete or other store-changing command runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The documentation advises a workaround to obtain customer PII via webhooks when the API would otherwise mask it, which encourages bypassing privacy controls and expanding collection beyond the stated scope. That can lead to unauthorized personal-data harvesting and compliance violations, especially because this skill already handles customer and analytics data.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata understates the actual data access exposed by the script. In addition to general store management, it retrieves marketing events, reports, customer event history, and attribution/analytics data, which may include sensitive business intelligence and customer-behavior information; this mismatch can cause an agent or operator to invoke capabilities they did not knowingly authorize.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The script includes a destructive delete-product operation, but the skill description does not clearly disclose write/destructive behavior. This is dangerous because users or higher-level agents may assume the tool is primarily informational/admin read access and accidentally trigger irreversible state changes in a production Shopify store.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill includes a product deletion example without any warning, confirmation step, or safety guard. In an agent or automation context, this increases the chance of accidental destructive actions against a live store's inventory and catalog.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The customer and order examples expose access paths to names, emails, and other sensitive order-linked customer data without any privacy or least-privilege warning. In a general-purpose agent skill, that omission makes misuse or over-collection of customer data more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The marketing, attribution, analytics, and customer-events sections describe broad tracking and behavioral-data access without warning about privacy, consent, or lawful-use constraints. This is risky because the data can be used to profile users and correlate browsing behavior with customer identities.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The delete-product command issues an immediate DELETE request with only a product ID and no warning, confirmation, or safety interlock. In an agent setting, ambiguous prompts, mistyped IDs, or prompt-injection-driven tool use could lead to unintended product deletion, disrupting storefront availability and operations.

Ssd 3

High
Confidence
98% confidence
Finding
Suggesting webhooks as a way to capture customer PII before Shopify masks it is effectively an instruction to circumvent an intended privacy limitation. That creates a strong risk of deliberate overcollection of personal data and can materially increase legal, compliance, and insider-misuse exposure.

VirusTotal

64/64 vendors flagged this skill as clean.
