← Back to Skills Marketplace
Shopify Checkout API
by
Jelilat Anofiu
· GitHub ↗
· v1.0.0
408
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install shopify-checkout
Description
Complete online shopping purchases on any online store using the Credpay Checkout API with x402 payments. Trigger when a user wants to buy, order, or checkou...
Usage Guidance
Exercise caution before enabling this skill. Ask the publisher/developer to clarify: (1) why the skill is named "Shopify" while using Credpay and whether it truly supports arbitrary stores; (2) exactly how the X-PAYMENT (x402) payload is generated—what credentials or wallet access are required and how they should be provided and stored; (3) the privacy/security practices of checkout-agent.credpay.xyz (privacy policy, data retention, who can access submitted PII). Do not submit real payment credentials, full personal data, or large-value purchases until you: verify the service's identity and reputation, obtain explicit documentation for required credentials, and ensure keys are stored securely (not pasted into chat). Consider requiring explicit, one-time user consent before sending any PII or payment payloads and restrict autonomous invocation until these questions are answered.
Capability Analysis
Type: OpenClaw Skill
Name: shopify-checkout
Version: 1.0.0
The skill is classified as suspicious due to its inherent high-risk capabilities, specifically the collection and transmission of sensitive Personally Identifiable Information (PII) and the initiation of cryptocurrency financial transactions (x402 payments) via an external API (checkout-agent.credpay.xyz). While these actions align with the stated purpose of an online checkout skill, the direct handling of user funds and personal data, coupled with reliance on an external third-party service, represents a significant risk profile. There is no evidence of intentional malicious prompt injection or other harmful behaviors within SKILL.md, but the nature of the operations warrants a 'suspicious' classification rather than 'benign' due to the potential impact of compromise or misuse.
Capability Assessment
Purpose & Capability
The skill is named "Shopify Checkout API" but the instructions target a third‑party Credpay endpoint and claim to work with "any online store." That name/description mismatch and the broad "works with any online store" claim are not justified by the simple HTTP API shown. Also completing payments requires signing/payment capability (x402), which is not addressed by the declared requirements.
Instruction Scope
Runtime instructions tell the agent to collect personally identifiable information (shipping address, email) and to POST it to https://checkout-agent.credpay.xyz. They also require an X-PAYMENT header (x402 payment payload) but provide no guidance on how to obtain or create that payload, nor do they declare where signing keys or wallet access should come from. The guidance to "just pass the product page URL" glosses over store-specific checkout realities. The instructions grant broad discretion to gather and transmit sensitive data to an external host without provenance or privacy guidance.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code files, so there is no direct installation risk (nothing is written to disk by the skill itself).
Credentials
No environment variables, credentials, or primary credential are declared, yet the workflow requires producing an x402 payment payload (which normally requires a wallet/private key or payment-provider credentials). This is a missing requirement: either the skill should declare required credentials or explain how the payment payload is obtained. The skill also instructs transmitting PII to an unknown external domain without specifying consent, retention, or security practices.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). It will make network calls to a third-party service and poll for up to 10 minutes; if the agent is allowed to invoke skills autonomously, that expands the blast radius for transmitting PII and payment data. This is the default platform behavior but worth noting given the data involved.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shopify-checkout - After installation, invoke the skill by name or use
/shopify-checkout - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release: enables users to complete online shopping purchases on any store via the Credpay Checkout API using x402 payments.
- Collects essential details (product URL, quantity, options, email, goods total, shipping address) before starting checkout.
- Supports step-by-step process: quote request, checkout submission with payment, polling for status, and handling extra payment if needed.
- Provides clear status handling: processing, authorization required, completed, and failed orders.
- Designed to work with any online store product page URL.
Metadata
Frequently Asked Questions
What is Shopify Checkout API?
Complete online shopping purchases on any online store using the Credpay Checkout API with x402 payments. Trigger when a user wants to buy, order, or checkou... It is an AI Agent Skill for Claude Code / OpenClaw, with 408 downloads so far.
How do I install Shopify Checkout API?
Run "/install shopify-checkout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Shopify Checkout API free?
Yes, Shopify Checkout API is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Shopify Checkout API support?
Shopify Checkout API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Shopify Checkout API?
It is built and maintained by Jelilat Anofiu (@jelilat); the current version is v1.0.0.
More Skills