Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill purpose matches the content: Shopify app, theme, API, Hydrogen, and React/Node guidance. It includes Admin API CRUD and deployment-related examples, which are expected for Shopify development but can affect a live store if used with real credentials.
Instruction Scope
The instructions emphasize fetching current official documentation before coding. This is disclosed, purpose-aligned, and scoped to Shopify and related developer docs rather than attempting to override unrelated user goals.
Install Mechanism
The registry says there is no install spec, no required binaries, no required environment variables, and no declared credentials. The included Python scripts appear to be safety checks, and the provided manifest does not show automatic hook installation or background execution.
Credentials
The skill itself does not request credentials, but its sample Shopify app patterns use API keys, secrets, OAuth tokens, and write scopes. This is normal for Shopify app development, but users should keep secrets out of chat and grant least privilege.
Persistence & Privilege
The skill does not show its own persistence, but generated Shopify app examples discuss session storage and stored access tokens. That is purpose-aligned for Shopify apps, but should be implemented securely by the user.
Assessment
This skill appears safe to install as a Shopify development assistant. Before using it with a real store, keep credentials out of chat, grant the smallest Shopify scopes needed, review generated GraphQL mutations and CLI commands, and avoid live deployments or destructive operations without explicit confirmation.