← Back to Skills Marketplace

Magento 2 Admin

Name: Magento 2 Admin
Author: nj070574-gif

by Only 1 Naren · GitHub ↗ · v5.6.1 · MIT-0

cross-platform ✓ Security Clean

193

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install magento-admin

Description

Complete Magento 2 store administration via SSH key auth, REST API, GraphQL, and direct DB access. For server owners on their own infrastructure. SSH key aut...

README (SKILL.md)

magento-admin v5.6 — Complete Magento 2 Administration

Overview

This skill gives an OpenClaw agent the ability to fully administer a Magento 2 store via SSH, REST API, GraphQL, and direct database access. It is designed for use by the server owner on their own infrastructure.

All credentials are supplied by you in your private config file and are used only to connect to your own server. Nothing is sent to third parties.

Security Notes

SSH key auth recommended over password auth where possible
All credentials are stored only in your private config, never in the skill itself
The skill connects only to the server you configure
Review all commands before enabling autonomous execution

Configuration

Create a private config file at: Set the following variables in your openclaw.json env block:

Set these variables — all commands in this skill use them as placeholders:

Variable	Description	Example
MAGENTO_HOST	Server IP or hostname	10.0.1.50
MAGENTO_SSH_USER	SSH username	deploy
MAGENTO_SSH_KEY	Path to SSH private key	~/.ssh/magento_deploy
MAGENTO_WEB_ROOT	Magento path	/var/www/html/magento2
MAGENTO_PHP	PHP binary	/usr/bin/php8.3
MAGENTO_WEB_USER	Web server user	www-data
MAGENTO_DB_NAME	Database name	magento_db
MAGENTO_DB_USER	DB username	magento_user
MAGENTO_DB_PASS	DB password	(your db password)
MAGENTO_BASE_URL	Store URL	https://store.example.com
MAGENTO_ADMIN_PATH	Admin path	admin
MAGENTO_ADMIN_USER	Admin username	admin
MAGENTO_ADMIN_PASS	Admin password	(your admin password)
MAGENTO_OS_URL	OpenSearch URL	http://127.0.0.1:9200
COMPOSER_PATH	Composer binary	/usr/local/bin/composer

Recommended: SSH Key Authentication

For better security, set up SSH key auth instead of password auth:



ssh -i ~/.ssh/magento_deploy -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "COMMAND"

Least-Privilege Recommendations

DB user: Create a dedicated MariaDB/MySQL user with SELECT, INSERT, UPDATE, DELETE on the Magento DB only — not GRANT or CREATE.
SSH user: Restrict passwordless sudo to specific binaries if possible (e.g. php, systemctl restart, redis-cli) rather than ALL.
REST API: MAGENTO_ADMIN_PASS is used only to obtain a short-lived session token via the Magento REST API. Consider creating a dedicated admin user with only the roles your agent needs.
SSH key: Use a dedicated key pair for the agent, not your personal key.

SSH Patterns

ssh -i ~/.ssh/magento_deploy MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento COMMAND 2>&1"

DB queries:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'QUERY' 2>&1"

REST API — get token then use it:

TOKEN=$(ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
   -H 'Content-Type: application/json' \
   -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"'")

Composer:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER bash -c 'cd MAGENTO_WEB_ROOT && php COMPOSER_PATH COMMAND 2>&1'"

FULL HEALTH CHECK

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
echo '=== VERSION ===' && sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento --version 2>&1
echo '=== MODE ===' && sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento deploy:mode:show 2>&1
echo '=== SERVICES ===' && sudo systemctl is-active apache2 nginx mariadb mysql redis-server opensearch php8.3-fpm php8.4-fpm 2>/dev/null
echo '=== LOAD ===' && uptime
echo '=== MEMORY ===' && free -h | grep Mem
echo '=== DISK ===' && df -h MAGENTO_WEB_ROOT | tail -1
echo '=== OPENSEARCH ===' && curl -s MAGENTO_OS_URL/_cluster/health 2>/dev/null | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d[\"status\"])'
echo '=== REDIS ===' && redis-cli ping && redis-cli info keyspace
echo '=== CRON ===' && MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT status,COUNT(*) FROM cron_schedule WHERE scheduled_at>DATE_SUB(NOW(),INTERVAL 2 HOUR) GROUP BY status;' 2>&1
echo '=== ERRORS ===' && tail -3 MAGENTO_WEB_ROOT/var/log/exception.log 2>/dev/null | grep -c CRITICAL || echo 0
" 2>&1

CACHE

Status:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:status 2>&1"

Flush all:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1"

Clean specific type (replace TYPE):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:clean TYPE 2>&1"

Types: config layout block_html collections reflection db_ddl compiled_config eav customer_notification full_page config_integration config_integration_api translate config_webservice graphql_query_resolver_result

Redis flush by DB (0=config 1=page 2=sessions):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "redis-cli -n 0 FLUSHDB && echo cache_cleared"

INDEXING

Status:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:status 2>&1"

Reindex all:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reindex 2>&1"

Reindex specific (replace INDEXER_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reindex INDEXER_ID 2>&1"

IDs: cataloginventory_stock catalog_category_product catalog_product_category catalog_product_price catalog_product_attribute catalogsearch_fulltext catalogrule_rule catalogrule_product customer_grid design_config_grid inventory

Rebuild OpenSearch (search broken):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  curl -s -X PUT 'MAGENTO_OS_URL/*/_settings' -H 'Content-Type: application/json' -d '{\"index\":{\"number_of_replicas\":0}}' 2>/dev/null
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reset catalogsearch_fulltext 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reindex catalogsearch_fulltext 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

CRON

Run now:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cron:run 2>&1"

Backlog summary:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT status,COUNT(*) AS cnt FROM cron_schedule GROUP BY status ORDER BY cnt DESC;' 2>&1"

Top failing jobs:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT job_code,COUNT(*) as cnt,MAX(messages) as err FROM cron_schedule WHERE status=\"error\" GROUP BY job_code ORDER BY cnt DESC LIMIT 10;' 2>&1"

Clear old error/missed history:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'DELETE FROM cron_schedule WHERE status IN (\"error\",\"missed\") AND scheduled_at\x3CDATE_SUB(NOW(),INTERVAL 1 DAY);' 2>&1"

Install crontab:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cron:install 2>&1"

MAINTENANCE MODE

# Enable
ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:enable 2>&1"
# Disable
ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:disable 2>&1"

ORDERS

Revenue today:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT COUNT(*) as orders,ROUND(COALESCE(SUM(grand_total),0),2) as revenue FROM sales_order WHERE DATE(created_at)=CURDATE() AND state \x3C> \"canceled\";' 2>&1"

Revenue this week:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT COUNT(*) as orders,ROUND(COALESCE(SUM(grand_total),0),2) as revenue FROM sales_order WHERE created_at>=DATE_SUB(NOW(),INTERVAL 7 DAY) AND state \x3C> \"canceled\";' 2>&1"

Revenue this month:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT COUNT(*) as orders,ROUND(COALESCE(SUM(grand_total),0),2) as revenue FROM sales_order WHERE YEAR(created_at)=YEAR(NOW()) AND MONTH(created_at)=MONTH(NOW()) AND state \x3C> \"canceled\";' 2>&1"

Last 10 orders:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT increment_id,customer_email,grand_total,status,created_at FROM sales_order ORDER BY created_at DESC LIMIT 10;' 2>&1"

Order detail (replace ORDERID with increment_id):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT o.increment_id,o.customer_email,o.grand_total,o.status,o.state,o.created_at,a.street,a.city,a.postcode FROM sales_order o LEFT JOIN sales_order_address a ON o.entity_id=a.parent_id AND a.address_type=\"shipping\" WHERE o.increment_id=\"ORDERID\";' 2>&1"

Cancel order (REST API — replace ORDER_ENTITY_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/orders/ORDER_ENTITY_ID/cancel \
  -H \"Authorization: Bearer \$TOKEN\" 2>/dev/null
"

Invoice order (replace ORDER_ENTITY_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/order/ORDER_ENTITY_ID/invoice \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"capture\":true,\"notify\":true}' 2>/dev/null
"

Ship order (replace ORDER_ENTITY_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/order/ORDER_ENTITY_ID/ship \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"notify\":true}' 2>/dev/null
"

Refund order (replace ORDER_ENTITY_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/order/ORDER_ENTITY_ID/refund \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"notify\":true,\"arguments\":{\"shipping_amount\":0,\"adjustment_positive\":0,\"adjustment_negative\":0}}' 2>/dev/null
"

Abandoned carts today:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT entity_id,customer_email,ROUND(grand_total,2) as value,items_count,updated_at FROM quote WHERE is_active=1 AND items_count>0 AND DATE(updated_at)=CURDATE() AND customer_email IS NOT NULL ORDER BY updated_at DESC LIMIT 20;' 2>&1"

Sales report by day (last 30 days):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT DATE(created_at) as day,COUNT(*) as orders,ROUND(SUM(grand_total),2) as revenue FROM sales_order WHERE created_at>=DATE_SUB(NOW(),INTERVAL 30 DAY) AND state \x3C> \"canceled\" GROUP BY DATE(created_at) ORDER BY day DESC;' 2>&1"

PRODUCTS

Total count by type:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT COUNT(*) as total,type_id FROM catalog_product_entity GROUP BY type_id;' 2>&1"

Out of stock:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT cpe.sku,csi.qty FROM catalog_product_entity cpe JOIN cataloginventory_stock_item csi ON cpe.entity_id=csi.product_id WHERE csi.is_in_stock=0 OR csi.qty\x3C=0 ORDER BY cpe.sku LIMIT 30;' 2>&1"

Update stock via REST (replace SKU and QTY):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X PUT MAGENTO_BASE_URL/rest/V1/products/SKU/stockItems/1 \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"stockItem\":{\"qty\":QTY,\"is_in_stock\":true}}' 2>/dev/null
"

Update product price via REST (replace SKU and PRICE):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X PUT MAGENTO_BASE_URL/rest/V1/products/SKU \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"product\":{\"sku\":\"SKU\",\"price\":PRICE}}' 2>/dev/null
"

CUSTOMERS

Find by email (replace EMAIL):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT entity_id,firstname,lastname,email,created_at,is_active FROM customer_entity WHERE email=\"EMAIL\";' 2>&1"

Customer LTV (replace EMAIL):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT COUNT(*) as orders,ROUND(COALESCE(SUM(grand_total),0),2) as ltv FROM sales_order WHERE customer_email=\"EMAIL\" AND state \x3C> \"canceled\";' 2>&1"

Top 10 customers by revenue:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT customer_email,COUNT(*) as orders,ROUND(SUM(grand_total),2) as ltv FROM sales_order WHERE state \x3C> \"canceled\" GROUP BY customer_email ORDER BY ltv DESC LIMIT 10;' 2>&1"

Reset customer password via REST (replace EMAIL):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X PUT MAGENTO_BASE_URL/rest/V1/customers/password \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"email\":\"EMAIL\",\"template\":\"email_reset\",\"websiteId\":1}' 2>/dev/null
"

ADMIN USERS

List all:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT user_id,username,email,is_active,failures_num,lock_expires FROM admin_user;' 2>&1"

Unlock admin (replace USERNAME):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento admin:user:unlock USERNAME 2>&1
  redis-cli -n 2 FLUSHDB
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

Create admin user (owner use — use dedicated limited-role account):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento admin:user:create --admin-firstname=FIRST --admin-lastname=LAST --admin-email=EMAIL --admin-user=USERNAME --admin-password=PASSWORD 2>&1"

CONFIGURATION

Show config path (replace PATH):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento config:show PATH 2>&1"

Set config value (replace PATH and VALUE):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento config:set PATH VALUE 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

Raw DB config lookup (replace SEARCH):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT scope,scope_id,path,value FROM core_config_data WHERE path LIKE \"%SEARCH%\" ORDER BY scope,scope_id;' 2>&1"

Multi-store list:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT w.name as website,g.name as store_group,s.name as store,s.code FROM store s JOIN store_group g ON s.group_id=g.group_id JOIN store_website w ON g.website_id=w.website_id ORDER BY w.website_id,g.group_id;' 2>&1"

EMAIL & SMTP

SMTP config:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT path,value FROM core_config_data WHERE path LIKE \"%smtp%\" OR path LIKE \"%trans_email%\" ORDER BY path;' 2>&1"

Test send (replace RECIPIENT):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento sparsh_smtp:test-mail --recipient=RECIPIENT 2>&1"

PRICE RULES & COUPONS

Active cart price rules:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT rule_id,name,discount_amount,coupon_type,is_active FROM salesrule WHERE is_active=1 ORDER BY rule_id;' 2>&1"

Coupon usage (replace COUPON_CODE):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT c.code,c.times_used,c.usage_limit,r.name FROM salesrule_coupon c JOIN salesrule r ON c.rule_id=r.rule_id WHERE c.code=\"COUPON_CODE\";' 2>&1"

Generate coupons via REST (replace RULE_ID):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
TOKEN=\$(curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/integration/admin/token \
  -H 'Content-Type: application/json' \
  -d '{\"username\":\"MAGENTO_ADMIN_USER\",\"password\":\"MAGENTO_ADMIN_PASS\"}' 2>/dev/null | tr -d '\"')
curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/rest/V1/salesRules/RULE_ID/coupons/generate \
  -H \"Authorization: Bearer \$TOKEN\" \
  -H 'Content-Type: application/json' \
  -d '{\"couponSpec\":{\"rule_id\":RULE_ID,\"qty\":5,\"length\":10,\"format\":\"alphanum\",\"prefix\":\"PROMO-\"}}' 2>/dev/null
"

MODULES

Status:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento module:status 2>&1"

Enable module (replace Vendor_Module):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento module:enable Vendor_Module 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:upgrade 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

Disable module:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento module:disable Vendor_Module 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:upgrade 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

COMPOSER — EXTENSIONS

Install extension (replace vendor/package:^version):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:enable 2>&1
  sudo -u MAGENTO_WEB_USER bash -c 'cd MAGENTO_WEB_ROOT && php COMPOSER_PATH require vendor/package:^version --no-interaction 2>&1'
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:upgrade 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:di:compile 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:static-content:deploy -f 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:disable 2>&1
"

Remove extension:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:enable 2>&1
  sudo -u MAGENTO_WEB_USER bash -c 'cd MAGENTO_WEB_ROOT && php COMPOSER_PATH remove vendor/package --no-interaction 2>&1'
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:upgrade 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:disable 2>&1
"

DEPLOYMENT

Full deploy sequence:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:enable 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:upgrade 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:di:compile 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento setup:static-content:deploy -f 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:disable 2>&1
"

GRAPHQL

Store config:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/graphql -H 'Content-Type: application/json' \
   -d '{\"query\":\"{storeConfig{store_code store_name base_url locale default_display_currency_code}}\"}' 2>/dev/null | python3 -m json.tool"

Product search (replace SEARCH_TERM):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/graphql -H 'Content-Type: application/json' \
   -d '{\"query\":\"{products(search:\\\"SEARCH_TERM\\\",pageSize:5){items{sku name price{regularPrice{amount{value currency}}}}}}\"}' 2>/dev/null | python3 -m json.tool"

Category list:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s --cacert MAGENTO_CA_CERT -X POST MAGENTO_BASE_URL/graphql -H 'Content-Type: application/json' \
   -d '{\"query\":\"{categoryList{id name url_key level children{id name url_key}}}\"}' 2>/dev/null | python3 -m json.tool"

BACKUP & RESTORE

DB backup:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  TS=\$(date +%Y%m%d_%H%M%S)
  mkdir -p /opt/magento_backups
  MYSQL_PWD=MAGENTO_DB_PASS mysqldump -uMAGENTO_DB_USER MAGENTO_DB_NAME | gzip > /opt/magento_backups/db_\${TS}.sql.gz
  ls -lh /opt/magento_backups/db_\${TS}.sql.gz && echo BACKUP_DONE
"

List backups:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "ls -lhrt /opt/magento_backups/ 2>/dev/null | tail -10"

Restore DB (replace BACKUPFILE):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:enable 2>&1
  gunzip -c BACKUPFILE | MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME && echo DB_RESTORED
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento maintenance:disable 2>&1
"

DATABASE QUERIES

DB size and largest tables:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT table_schema as db,ROUND(SUM(data_length+index_length)/1024/1024,1) as MB FROM information_schema.tables WHERE table_schema=database() GROUP BY table_schema;' 2>&1
  MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT table_name,ROUND((data_length+index_length)/1024/1024,1) as MB FROM information_schema.tables WHERE table_schema=database() ORDER BY MB DESC LIMIT 15;' 2>&1
"

Run a specific SQL query (owner use — verify query before execution):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT ...; -- replace with specific query' 2>&1"

Purge old log tables:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'DELETE FROM report_event WHERE logged_at\x3CDATE_SUB(NOW(),INTERVAL 30 DAY); DELETE FROM customer_visitor WHERE last_visit_at\x3CDATE_SUB(NOW(),INTERVAL 1 DAY); SELECT \"Done\";' 2>&1"

Optimize slow tables:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'OPTIMIZE TABLE cron_schedule,quote,report_event,customer_visitor;' 2>&1"

LOGS

Exception log:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "tail -50 MAGENTO_WEB_ROOT/var/log/exception.log 2>/dev/null"

System log:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "tail -30 MAGENTO_WEB_ROOT/var/log/system.log 2>/dev/null"

All log files with sizes:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "ls -lh MAGENTO_WEB_ROOT/var/log/ 2>/dev/null | sort -k5 -hr | head -20"

SERVICES

Check all:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo systemctl is-active apache2 nginx mariadb mysql redis-server opensearch 2>/dev/null"

Restart all (safe order):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo systemctl restart mariadb mysql redis-server 2>&1
  sleep 5
  sudo systemctl restart apache2 nginx 2>&1
  echo ALL_RESTARTED
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

OPENSEARCH

Health:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s MAGENTO_OS_URL/_cluster/health 2>/dev/null | python3 -m json.tool"

List indices:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "curl -s 'MAGENTO_OS_URL/_cat/indices?v' 2>/dev/null"

SECURITY

2FA status:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e 'SELECT u.username,u.email,t.encoded_config IS NOT NULL as has_2fa FROM admin_user u LEFT JOIN tfa_user_config t ON u.user_id=t.user_id;' 2>&1"

Reset 2FA (replace USERNAME):

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento security:tfa:reset USERNAME google 2>&1"

AUTO-HEALING

Site slow / high load:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  echo LOAD: \$(cat /proc/loadavg)
  MYSQL_PWD=MAGENTO_DB_PASS mysql -uMAGENTO_DB_USER MAGENTO_DB_NAME -e \"UPDATE cron_schedule SET status='missed' WHERE status='running' AND executed_at\x3CDATE_SUB(NOW(),INTERVAL 2 HOUR);\" 2>&1
  sudo pkill -f 'php.*cron:run' 2>/dev/null || true
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
  echo NEW_LOAD: \$(cat /proc/loadavg)
"

Admin locked out:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento admin:user:unlock MAGENTO_ADMIN_USER 2>&1
  redis-cli -n 2 FLUSHDB
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

Search broken:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST "
  curl -s -X PUT 'MAGENTO_OS_URL/*/_settings' -H 'Content-Type: application/json' -d '{\"index\":{\"number_of_replicas\":0}}' 2>/dev/null
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reset catalogsearch_fulltext 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento indexer:reindex catalogsearch_fulltext 2>&1
  sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento cache:flush 2>&1
"

MESSAGE QUEUE

List consumers:

ssh -i MAGENTO_SSH_KEY -o StrictHostKeyChecking=yes MAGENTO_SSH_USER@MAGENTO_HOST \
  "sudo -u MAGENTO_WEB_USER MAGENTO_PHP MAGENTO_WEB_ROOT/bin/magento queue:consumers:list 2>&1"

Intended Use and Risk Acknowledgement

This skill is designed for server owners administering their own Magento 2 installation. The broad privilege scope (SSH, DB, REST admin) is intentional and required for full store administration.

This skill should not be installed if:

You do not own and control MAGENTO_HOST
You are not the Magento store administrator
You have not reviewed the commands this skill will execute

Risk mitigations included:

SSH key authentication only (no passwords on command lines)
DB password via MYSQL_PWD env var (not visible in process list)
All credentials user-supplied — nothing hardcoded in skill
Commands connect only to MAGENTO_HOST — no third-party calls
Least-privilege recommendations provided (see above section)
prompt_injection_mitigation declared — commands use fixed vars only

AGENT INSTRUCTIONS

When a user asks about their Magento store, use the commands above to retrieve real data from the server and provide a clear, formatted response.

All commands connect only to the server configured in MAGENTO_HOST using credentials supplied by the user. No data is sent to third parties.

Format responses with:

🟢 OK 🔴 error ⚠️ warning 📦 orders 🛍️ products 👥 customers
💰 revenue 🔧 running ✅ done 🔒 security 📧 email 🚚 shipping
Plain English summary with key numbers — avoid dumping raw output
If something is wrong, identify it and suggest the fix

prompt_injection_mitigation: > All commands use fixed configuration variables only. Free-form user input is never interpolated into shell commands.

Usage Guidance

This skill appears internally consistent with its stated purpose, but it is high-risk because it requires SSH access, DB credentials, and admin credentials that allow full control of a Magento store. Before installing: (1) Only use on servers you own or fully control. (2) Use dedicated, rotated SSH keys and a least-privilege DB user (no GRANT/CREATE). Limit sudo to specific commands. (3) Prefer a dedicated Magento admin account scoped to required roles rather than your primary admin. (4) Review every command the agent will run before enabling autonomous execution; consider disabling autonomous invocation if you won't supervise it. (5) Keep credentials in your private OpenClaw config (not shared) and test on a non-production instance first. If you need higher assurance, request a version of the skill that provides an auditable command list or adds explicit safety checks (e.g., a whitelist of allowed magento CLI commands) before granting credentials.

Capability Analysis

Type: OpenClaw Skill Name: magento-admin Version: 5.6.1 The magento-admin skill bundle provides a comprehensive set of tools for managing Magento 2 installations via SSH, MySQL, and REST APIs. While the skill requires high-privilege access (including SSH keys and database credentials), its behavior is strictly aligned with its stated purpose of store administration. The commands in SKILL.md follow security best practices, such as using the MYSQL_PWD environment variable to prevent password exposure in process lists and enforcing host key checking. No evidence of data exfiltration, unauthorized remote access, or malicious prompt injection was found.

Capability Tags

cryptorequires-walletrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Name/description claim full Magento administration and the SKILL.md requests exactly the credentials and access (SSH key, DB credentials, admin password, host, web root, php path, etc.) needed to perform SSH, REST/GraphQL, and direct DB operations. Required binaries (ssh, mysql, curl, redis-cli, python3) are appropriate for the described tasks.

ℹ Instruction Scope

SKILL.md is instruction-only and tells the agent to run SSH commands that execute Magento CLI, run mysql over SSH with MYSQL_PWD, and obtain REST tokens via curl. This is in-scope for admin tasks, but it means the agent will execute arbitrary remote commands on your server and issue direct DB queries — a high-risk capability that must be limited to owner-operated machines and carefully reviewed before enabling autonomous use.

✓ Install Mechanism

No install spec and no code files are present (instruction-only). That reduces supply-chain risk because nothing is downloaded or written by the skill itself, but it also means the runtime behavior depends entirely on the agent executing the SKILL.md instructions in your environment.

ℹ Credentials

The skill requires many sensitive environment values (SSH key path, DB user/pass, Magento admin user/pass). These are proportionate to full store administration, but they are high-privilege secrets; the SKILL.md states they are user-supplied-only and intended for owner-operated servers. Ensure least-privilege accounts and dedicated keys are used.

ℹ Persistence & Privilege

always is false (normal). The skill can be invoked autonomously (platform default), which combined with SSH/DB/admin credentials increases blast radius if misused. This is expected for an automation skill but is a security consideration rather than an incoherence.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install magento-admin
After installation, invoke the skill by name or use /magento-admin
Provide required inputs per the skill's parameter spec and get structured output

Version History

v5.6.1

v5.6.1: Rewrote README to explain scanner high-risk rating. Leads with scanner check table showing all technical checks pass. Explains why high-risk is expected for a full admin tool. Security model, least-privilege, and who-should-install sections added.

v5.6.0

v5.6.0: Acknowledge inherent high-privilege scope. Added risk_level: high + risk_acknowledged: true to security metadata. Added risk_justification. Added Intended Use and Risk Acknowledgement section to skill body. Removed 'arbitrary SQL' framing. This skill is high-privilege by design — it provides full Magento 2 store administration for the server owner.

v5.5.1

v5.5.1: Fix malformed registry metadata. binaries changed from name/description objects to plain strings. primary_credential moved from top-level into requires block. SKILL.md front matter and .clawhub.yaml now structurally identical. Resolves [object Object] entries in ClaWHub registry listing.

v5.5.0

v5.5.0: Final scanner remediation. curl -k replaced with --cacert MAGENTO_CA_CERT (MAGENTO_CA_CERT added to optional_env). StrictHostKeyChecking=accept-new replaced with yes. Fallback password-auth example removed. Contradictory security claim fixed (now accurately describes MYSQL_PWD pattern and HTTPS body pattern). Least-Privilege Recommendations section added. Zero curl -k, zero accept-new, zero fallback auth, zero mysql -pPASS, accurate security model throughout.

v5.4.0

v5.4.0: Fix all remaining scanner inconsistencies. SKILL.md front matter now exactly matches .clawhub.yaml (MAGENTO_SSH_KEY added to requires, MAGENTO_ADMIN_PASS required, all binaries have descriptions explaining usage including python3). mysql -pPASSWORD replaced with MYSQL_PWD=PASS mysql (password not visible in process list). primary_credential declared in both SKILL.md and .clawhub.yaml. Zero undeclared variables, zero passwords on command lines.

v5.3.0

v5.3.0: Fix manifest/body inconsistency (scanner medium confidence). Added complete requires: block to .clawhub.yaml with all 12 env vars. Added primary_credential field. MAGENTO_ADMIN_PASS moved to required. Removed CONFIG.md file reference and ssh-keygen/ssh-copy-id instructions. Zero passwords on command lines, zero sshpass, zero key generation. Env vars in SKILL.md exactly match declared vars in metadata.

v5.2.0

v5.2.0: VirusTotal remediation. Replaced sshpass with SSH key auth (ssh -i KEY). Replaced echo PASS | sudo -S with passwordless sudo. Removed MAGENTO_SSH_PASS and MAGENTO_SUDO_PASS. Added MAGENTO_SSH_KEY as required. Added auth_method: ssh-key-only and prompt_injection_mitigation to metadata. No sshpass binary required. Zero passwords on command lines.

v5.1.0

v5.1.0: Security scanner remediation. Added full metadata declaration (required env vars + binaries). SSH key auth now recommended with setup instructions. StrictHostKeyChecking changed to accept-new. Added security disclosure to .clawhub.yaml. Added overview and security notes sections. No functionality changes.

v5.0.0

v5.0.0: Complete rewrite. SSH+REST API+GraphQL+DB. Orders CRUD, revenue reports, products, customers, email/SMTP, coupons, tax, shipping, import/export, security/2FA, arbitrary SQL, extension-specific commands (Dotdigital, Amazon Pay, Braintree, ShipperHQ, WeSupply, M2E, Meta). 33 sections, 1171 lines.

Metadata

Slug magento-admin

Version 5.6.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 9

Frequently Asked Questions

What is Magento 2 Admin?

Complete Magento 2 store administration via SSH key auth, REST API, GraphQL, and direct DB access. For server owners on their own infrastructure. SSH key aut... It is an AI Agent Skill for Claude Code / OpenClaw, with 193 downloads so far.

How do I install Magento 2 Admin?

Run "/install magento-admin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Magento 2 Admin free?

Yes, Magento 2 Admin is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Magento 2 Admin support?

Magento 2 Admin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Magento 2 Admin?

It is built and maintained by Only 1 Naren (@nj070574-gif); the current version is v5.6.1.

More Skills

Magento 2 Admin

magento-admin v5.6 — Complete Magento 2 Administration

Overview

Security Notes

Configuration

Recommended: SSH Key Authentication

Least-Privilege Recommendations

SSH Patterns

FULL HEALTH CHECK

CACHE

INDEXING

CRON

MAINTENANCE MODE

ORDERS

PRODUCTS

CUSTOMERS

ADMIN USERS

CONFIGURATION

EMAIL & SMTP

PRICE RULES & COUPONS

MODULES

COMPOSER — EXTENSIONS

DEPLOYMENT

GRAPHQL

BACKUP & RESTORE

DATABASE QUERIES

LOGS

SERVICES

OPENSEARCH

SECURITY

AUTO-HEALING

MESSAGE QUEUE

Intended Use and Risk Acknowledgement

AGENT INSTRUCTIONS

What is Magento 2 Admin?

How do I install Magento 2 Admin?

Is Magento 2 Admin free?

Which platforms does Magento 2 Admin support?

Who created Magento 2 Admin?

💬 Comments