shopify-payments-apps
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute local helper scripts, specifically
scripts/search_docs.mjsandscripts/validate.mjs, which facilitate documentation retrieval and code verification. - [EXTERNAL_DOWNLOADS]: The
search_docs.mjsscript performs network requests toshopify.devto fetch the latest API documentation and search results. - [DATA_EXFILTRATION]: The skill reports anonymized usage data, including search queries and client metadata, to Shopify's official developer endpoint (
shopify.dev/mcp/usage). This telemetry is explicitly disclosed and can be disabled by the user via environment variables.
Audit Metadata