shopify-setup

This skill is a how-to guide for installing Shopify CLI, creating a custom app, obtaining an Admin API access token, and verifying access. It is functionally coherent with its stated purpose and does not contain code that programmatically performs malicious actions or secret exfiltration. The primary security concerns are operational: handling of long-lived Admin API tokens (recommendation to store in a local plaintext file) and forwarding tokens to an external vault tool without describing trust boundaries. Installation of third-party tools (npm global CLI, browser automation) carries standard supply-chain risk but is consistent with the workflow. Overall risk is moderate due to credential-handling guidance; the content itself is not malware but could lead to credential leakage if users follow insecure storage practices or use untrusted vault/automation tooling.