Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Shopify Runtime
v1.0.0
Use when the user wants direct Shopify runtime access through one configured store: inspect setup status, search Shopify docs, or execute JavaScript against...
by Mark Yan (@ypyf)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description, declared env vars (SHOPIFY_STORE_DOMAIN, SHOPIFY_CLIENT_ID, SHOPIFY_CLIENT_SECRET), and included scripts align with providing direct programmatic access to a single Shopify store. One noteworthy implementation detail: the provider exchanges client_id + client_secret via a client_credentials-style POST to /admin/oauth/access_token; that grant is unusual for Shopify's common OAuth flows, so confirm this token-exchange matches your Shopify app model.
Instruction Scope
SKILL.md instructs running the bundled Node CLI to inspect status, search docs, or execute JS. The runtime enforces a blacklist of dangerous JS patterns (no process, globalThis, eval, fs, child_process, dynamic import, etc.) and executes user scripts in a VM-like sandbox. However, scripts can call provider.graphql/provider.request (intended to reach the configured store). You should verify provider.request is restricted to the target store domain (and not usable to reach arbitrary external endpoints) if you are concerned about exfiltration or cross-host requests.
Install Mechanism
No install spec is provided and the skill ships as code files (lib/, scripts/, references/). Nothing is downloaded from external URLs during install; the skill runs as a local Node script — this is low install risk. (Because it contains executable code, you should still review the included files before running.)
Credentials
The skill requests the expected Shopify inputs (store domain, client id, client secret) and marks the client secret as primaryEnv. The number and type of env vars are proportionate to the stated functionality; there are no unrelated secrets or config paths requested.
Persistence & Privilege
always is false and the skill does not request special system paths or other skills' credentials. It runs per-agent with injected environment variables; default autonomous invocation is allowed (platform default) but not a property of this skill that increases privilege beyond its declared scope.
Assessment
This skill appears internally coherent, but take these practical steps before installing or enabling it in production:
- Verify the source/trustworthiness of the skill package (it has no homepage or known publisher). If you don't trust the author, don't supply secrets.
- Confirm the token-exchange behavior matches your Shopify app: check that exchanging client_id + client_secret for an Admin token is acceptable for your app type and environment. If your org uses a different OAuth flow, do not reuse sensitive credentials here.
- Audit shopify-provider.mjs (provider.request/provider.graphql) to ensure requests are restricted to the configured store domain and cannot be repointed to arbitrary external hosts (this is the main exfiltration risk when scripts can make network requests).
- Run the skill against a non-production store first, and/or with a scoped test client secret with minimal scopes required for your tasks.
- If you are uncomfortable with the agent invoking this skill autonomously, disable autonomous invocation or require explicit user invocation in OpenClaw configuration.
If you want, I can search the repository for any code paths that would permit requests to arbitrary domains or show the remainder of shopify-provider.mjs so you can review the request-building logic in detail.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
lib/runtime.mjs:70
Shell command execution detected (child_process).
lib/runtime.mjs:37
Environment variable access combined with network send.
lib/runtime.mjs:551
File read combined with network send (possible exfiltration).
Runtime requirements
Env: SHOPIFY_STORE_DOMAIN, SHOPIFY_CLIENT_ID, SHOPIFY_CLIENT_SECRET
Primary env: SHOPIFY_CLIENT_SECRET
