shopify-products

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected.

This skill's documented behavior is coherent with its purpose: managing Shopify products via official GraphQL Admin API and CSV import. The primary security considerations are the high privilege of the required Admin API token and operational hygiene when using browser automation or handling local CSV/image files. There are no signs of malicious behavior, credential harvesting to third parties, or supply-chain download-execute patterns in the provided content. Use of the skill requires careful secret handling (protect Admin tokens) and caution when automating browser uploads to avoid exposing session credentials.

LLM verification: No evidence of malicious code or intentional exfiltration was found in the provided skill description and examples. The primary security concerns are operational: protecting the high-privilege Admin API token (avoid plaintext config files in VCS), and careful handling of browser automation to prevent credential/session leakage. Recommend adding explicit secure-storage guidance, example redaction of tokens, and runtime checks for staged upload endpoints. Overall the module appears legitimate and

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At: Feb 22, 2026, 11:06 AM
Package URL: pkg:socket/skills-sh/jezweb%2Fclaude-skills%2Fshopify-products%2F@467f93c5695359214474ce89f975bceaa02085ec