Oathe Security Badge

Is zachgodsell93/shopify-admin-api safe?

https://clawhub.ai/zachgodsell93/shopify-admin-api

Overall score: 91 (SAFE)

This skill provides comprehensive documentation for Shopify Admin API integration, enabling full store management capabilities. While the functionality is powerful and requires significant privileges, the skill contains only documentation with no executable code, shows no signs of malicious behavior, and maintains proper canary integrity.

Category Scores

Prompt Injection: 85/100 (weight 30%)
Data Exfiltration: 90/100 (weight 25%)
Code Execution: 100/100 (weight 20%)
Clone Behavior: 95/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 80/100 (weight 5%)

Findings (4)

MEDIUM Broad Administrative Permissions -15

The skill requests comprehensive access to Shopify store administration including orders, customers, products, inventory, financial transactions, and webhooks. While legitimate for its intended purpose, this represents significant privilege escalation.

LOW External API Communication by Design -10

The skill is designed to communicate with external Shopify APIs, which involves transmitting potentially sensitive business data over the network. This is expected behavior but represents data leaving the local environment.

LOW Network Activity During Installation -5

Installation involved connections to external services beyond the expected clawhub.ai registry, including CDN endpoints.

MEDIUM High-Privilege Functionality Risk -20

The skill provides access to critical business functions including financial transactions, customer data, and inventory management. While apparently legitimate, compromise of the associated credentials could enable significant business disruption.