← Back to Skills Marketplace
robsannaa

Shopify Admin

by robsanna · GitHub ↗ · v1.1.2
cross-platform ⚠ suspicious
841
Downloads
0
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install shopify-admin
Description
Shopify Admin API CLI for orders, products, customers, and store management. Uses REST and GraphQL APIs with environment-based authentication.
Usage Guidance
This skill appears to do exactly what it says: run Shopify Admin API calls using the SHOPIFY_STORE_DOMAIN and SHOPIFY_ACCESS_TOKEN. Before installing, verify the token's scope (grant least privilege — read-only if you only need reads; avoid broad admin tokens if not necessary). Because the source/homepage is unknown, you may want to review the included shopify-admin.sh file (it is short and readable) and run the skill in an isolated environment or with a dedicated Shopify API token. Rotate the token if you later remove the skill, and ensure your gateway process does not expose other unrelated secrets to the same environment.
Capability Analysis
Type: OpenClaw Skill Name: shopify-admin Version: 1.1.2 The `shopify-admin.sh` script is vulnerable to shell injection. Arguments passed to subcommands (e.g., `order_id`, `product_id`) are directly interpolated into `curl` commands without proper sanitization or quoting, allowing an attacker to inject arbitrary shell commands via crafted input. This could lead to Remote Code Execution (RCE) on the host system where the skill is executed, making it a significant security vulnerability.
Capability Assessment
Purpose & Capability
Name and description claim a Shopify Admin API helper; the included SKILL.md and shopify-admin.sh implement exactly that. Required binaries (curl, jq) and required env vars (SHOPIFY_STORE_DOMAIN, SHOPIFY_ACCESS_TOKEN) are appropriate and expected for this purpose.
Instruction Scope
Runtime instructions and the script only perform API calls to the Shopify store domain built from SHOPIFY_STORE_DOMAIN and use SHOPIFY_ACCESS_TOKEN. The SKILL.md explicitly states it does not source any files and the script honors that. No instructions reference other system files, unrelated env vars, or external endpoints.
Install Mechanism
No install spec (instruction-only plus an included script). Nothing is downloaded or written by an installer. This is a low-risk setup consistent with a small CLI helper.
Credentials
Only SHOPIFY_STORE_DOMAIN and SHOPIFY_ACCESS_TOKEN are required; these map directly to the Shopify Admin API usage. No additional unrelated credentials, config paths, or secret variables are requested.
Persistence & Privilege
always is false and the skill does not request elevated system presence or modify other skills/configuration. It can be invoked autonomously (platform default), which is normal for skills; this combined with the limited credential scope does not increase risk beyond expected behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shopify-admin
  3. After installation, invoke the skill by name or use /shopify-admin
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
Security: script no longer sources any env file; uses process env only. Declared required bins (curl, jq). Docs clarify environment and prerequisites.
v1.1.1
Minor updates and refinements.
v1.1.0
Read-write: orders (update note/tags, cancel), products (create/update/delete), customers (create/update), inventory set, discounts (price rules + codes). Safety: confirm before destructive actions.
v1.0.0
Initial release: read store data (orders, products, customers, inventory, discounts) via Admin API.
Metadata
Slug shopify-admin
Version 1.1.2
License
All-time Installs 2
Active Installs 2
Total Versions 4
Frequently Asked Questions

What is Shopify Admin?

Shopify Admin API CLI for orders, products, customers, and store management. Uses REST and GraphQL APIs with environment-based authentication. It is an AI Agent Skill for Claude Code / OpenClaw, with 841 downloads so far.

How do I install Shopify Admin?

Run "/install shopify-admin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shopify Admin free?

Yes, Shopify Admin is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Shopify Admin support?

Shopify Admin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Shopify Admin?

It is built and maintained by robsanna (@robsannaa); the current version is v1.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments