NYC

shopify

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to perform a global installation of the @shopify/cli package.
      • Evidence: npm install -g @shopify/cli@latest in SKILL.md.
      • Risk: Installing packages from external registries can introduce security risks if the registry or package is compromised.
  • [COMMAND_EXECUTION] (MEDIUM): The skill directs the user to run a local Python script whose source code is not included in the provided files.
      • Evidence: python scripts/shopify_init.py in SKILL.md.
      • Risk: Executing unverified scripts is a significant security risk as the script could perform malicious actions like file system modification or network connections.
  • [COMMAND_EXECUTION] (LOW): The skill relies on various CLI commands for Shopify development.
      • Evidence: shopify app dev, shopify theme push, etc., in SKILL.md.
      • Risk: While standard for development, these commands interact with the host system and external Shopify APIs, modifying local and remote resources.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:29 PM