Skill v7.0.0
ClawScan security
Shopify Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 23, 2026, 12:25 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it's a documentation/reference toolkit for Shopify that asks for no credentials, has no install steps, and its included script only emits static help text.
- Guidance: This skill appears to be a static Shopify development reference and is coherent with its description. Before installing, you can (1) open scripts/script.sh in full to confirm it only emits documentation (no network calls, exec, curl, wget, or reading of sensitive files), and (2) confirm SKILL.md's claim that it makes no external API calls. Because the repository file shown in the listing was truncated in the provided data, reviewing the full script locally will remove remaining uncertainty.
Review Dimensions
- Purpose & Capability (ok): Name/description match the contents: SKILL.md and scripts/script.sh provide Shopify development reference material (Liquid, APIs, theme migration, security guidance). No unrelated binaries or credentials are requested.
- Instruction Scope (ok): Runtime instructions are limited to printing reference documentation (run scripts/script.sh with subcommands). The SKILL.md explicitly states no external API calls or credentials are required and the included shell script emits heredocs rather than performing I/O or network access.
- Install Mechanism (ok): No install spec is provided (instruction-only), so nothing is downloaded or written to disk by an installer. This is the lowest-risk model and matches the skill's purpose.
- Credentials (ok): The skill declares no required environment variables, no primary credential, and references no config paths. That aligns with a read-only documentation/reference skill.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system privileges or configuration changes. Autonomous invocation is permitted by default (normal) and not combined with other red flags.
