ops-ecom
Warn
Audited by Socket on Apr 29, 2026
1 alert found:
Security | MEDIUM | SKILL.md
SUSPICIOUS. The core Shopify/ShipBob API usage matches the stated e-commerce ops purpose, but the setup flow is far too invasive: it hunts for credentials across local files, password managers, keychain, browser history, and third-party secret stores before asking the user. Data flows mostly target official APIs, so this is not confirmed malware, but the credential-discovery behavior, broad permissions, and automated app-creation steps make the skill high risk and disproportionate to its stated purpose.
Confidence: 92%
Severity: 86%
Audit Metadata