Is shopify safe?
https://clawhub.ai/byungkyu/shopify
This skill advertises itself as 'shopify' but contains only an empty SKILL.md and a lock.json referencing an unrelated skill called 'academic-research-hub'. The installation process timed out while accessing sensitive files, including .aws/credentials and .env. While some of this file access may be attributable to the openclaw platform's initialization, the AWS credentials access combined with the name mismatch and the empty payload raises significant concern about the skill's intent.
Findings (8)
HIGH: AWS credentials accessed during installation (-40)
The installation process opened and read /home/oc-exec/.aws/credentials. A Shopify-related skill has no legitimate reason to access AWS credentials. This could indicate credential harvesting during the install phase.
HIGH: .env file accessed during installation (-25)
The installation process read the user's .env file which typically contains API keys, secrets, and sensitive configuration. No skill installation should require reading the user's environment secrets.
MEDIUM: Skill name mismatch, lock.json references 'academic-research-hub' not 'shopify' (-40)
The skill is advertised as 'shopify' but the lock.json inside the repository references a completely different skill called 'academic-research-hub'. This indicates either a repurposed repository, a bait-and-switch, or a misconfigured skill. Users expecting Shopify functionality will get something entirely different.
MEDIUM: Installation timed out with non-descriptive error (0)
The skill installation failed with a timeout error, meaning the skill is non-functional. Combined with the name mismatch, this suggests the repository is either abandoned, broken, or intentionally deceptive.
MEDIUM: JIT-compiled JavaScript modules created in /tmp during install (-15)
Multiple .cjs files were created in /tmp/jiti/ during installation. While these appear to be jiti transpilation cache from the openclaw runtime rather than the skill itself, the volume of compiled modules (memory-core, plugin-sdk, runtime, config-schema, channels-registry) during a failed install is noteworthy.
LOW: Empty SKILL.md provides no functionality (-10)
The SKILL.md file is completely empty. The skill provides zero instructions, capabilities, or prompt content. This means installing it adds nothing useful while still triggering the installation pipeline that accesses sensitive files.
MEDIUM: Auth profiles accessed during installation (0)
The openclaw agent auth-profiles.json was read during installation. This file likely contains OAuth tokens or API credentials for connected services.
INFO: No canary files tampered with (0)
All honeypot files remained intact, suggesting no direct file-based exfiltration attempt.