Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

shopify product

v1.0.1

Search Shopify products and analyze winning items with PPSPY. Filter products by price, category, sales, and revenue, and inspect bestselling products by store.

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Shopify product research via PPSPY) matches the declared requirement (PPSPY_API_KEY) and the listed tools. Requesting npm to install a PPSPY connector is coherent with the stated purpose.
Instruction Scope
SKILL.md's runtime instructions are narrowly scoped to installing/running ppspy-mcp-server and using the PPSPY API key; it does not instruct reading unrelated files or env vars. However, there is an internal inconsistency: the package-install step and mcpServers block are embedded in SKILL.md even though the registry metadata listed 'No install spec' — the skill does instruct the agent to perform installation and run a local server process.
Install Mechanism
The skill directs a global npm install: 'npm install -g ppspy-mcp-server@1.0.1' and will run that binary as an MCP server. Npm packages can execute arbitrary code during install/run and the package/publisher provenance is not provided. This is a moderate-to-high risk compared with instruction-only skills or installs from well-known, verifiable release sources.
Credentials
Only PPSPY_API_KEY is required and is appropriately listed as the primary credential. That credential is proportional to the skill's stated function.
Persistence & Privilege
always: false (no forced inclusion), but the skill will install and run a local MCP server process which persists on the host while running. The skill can be invoked autonomously by agents (default), which combined with running a third-party server increases potential blast radius if the package is malicious.
What to consider before installing
This skill appears to do what it says, but it requires globally installing and running an npm package (ppspy-mcp-server) from the npm registry. Before installing:

  1. Verify the npm package and its maintainer (npmjs.com/package/ppspy-mcp-server or its source repo), and review its code or changelog for suspicious behavior.
  2. Prefer installing in an isolated environment or container rather than globally.
  3. Limit the PPSPY_API_KEY permissions if possible, and rotate the key after testing.
  4. Monitor network activity and billing/usage from your PPSPY account during initial use.
  5. If you cannot verify the package source, treat this as higher risk and avoid installing it on sensitive machines.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Bins: npm
Env: PPSPY_API_KEY
Primary env: PPSPY_API_KEY
latest: vk972kv1j5e6n544ac73ex78tg5842ceg
84 downloads
0 stars
2 versions
Updated 2w ago
v1.0.1
MIT-0

Shopify Product

Search Shopify products, explore winning product ideas, and inspect bestselling products by store.

Keywords: shopify product.

Setup

  1. Visit the official website at ppspy.com to view real-time dashboard data and product UI.
  2. Visit the direct API site at api.ppspy.com to get your API key and manage billing/recharge.
  3. Set the environment variable: PPSPY_API_KEY

Available Tools (3 total)

Shopify Product Research (3 tools)

  • ppspy_shopify_product_list — Search and filter Shopify products by price, sales, category, revenue
  • ppspy_shopify_bestselling_product_list — Get bestselling products for a specific store
  • ppspy_product_category_list — Get product categories

Usage Examples

  • "Search Shopify products under $50 with high monthly sales"
  • "Show bestselling products for this Shopify store"
  • "Find winning Shopify products in this category"
  • "List product categories before I search"

Credits

Each API call consumes credits from your PPSPY account:

  • Shopify Product Search: 1 credit per record
  • Supplement APIs: Free
