Description

Query and manage Shopify stores via GraphQL Admin API. Use for products, orders, customers, inventory, discounts, and all Shopify data operations.

README (SKILL.md)

Shopify GraphQL Admin API

Name: Clawpify
Author: alhwyn

A comprehensive skill for interacting with Shopify's GraphQL Admin API. This skill enables Claude to query and manage all aspects of Shopify store data.

When to Use This Skill

Use this skill when the user asks about:

Products (list, search, create, update, delete)
Orders (view, cancel, fulfill)
Customers (list, create, update)
Inventory (check levels, adjust quantities)
Discounts (create codes, manage promotions)
Any other Shopify store operations

Critical Operations Requiring Permission

IMPORTANT: Before executing any of the following operations, you MUST ask for explicit user permission:

Refunds: Create refunds (permanent financial transactions)
Order Cancellations: Cancel orders (may trigger refunds)
Gift Card Deactivation: Permanently disable gift cards
Inventory Adjustments: Modify stock levels
Product Deletions: Permanently remove products
Discount Activations: Change pricing for customers

Always show what will be changed and wait for user confirmation.

How to Use

Use the shopify_graphql tool to execute queries
Check for errors (GraphQL issues) and userErrors (validation issues)
Use pagination with first/after for large result sets
Format all IDs as: gid://shopify/Resource/123

Available References

For detailed patterns and examples, refer to the reference documents:

products.md - Products and variants management
orders.md - Order operations
customers.md - Customer management
inventory.md - Inventory and locations
discounts.md - Discount codes and promotions
collections.md - Product collections
fulfillments.md - Order fulfillment and shipping
refunds.md - Process refunds
draft-orders.md - Draft order creation
gift-cards.md - Gift card management
webhooks.md - Event subscriptions
locations.md - Store locations
marketing.md - Marketing activities
markets.md - Multi-market setup
menus.md - Navigation menus
metafields.md - Custom data fields
pages.md - Store pages
blogs.md - Blog management
files.md - File uploads
shipping.md - Shipping configuration
shop.md - Store information
subscriptions.md - Subscription management
translations.md - Content translations
segments.md - Customer segments
bulk-operations.md - Bulk data operations

Quick Examples

List Recent Orders

query {
  orders(first: 10, sortKey: CREATED_AT, reverse: true) {
    nodes {
      id
      name
      totalPriceSet {
        shopMoney { amount currencyCode }
      }
      customer { displayName }
    }
  }
}

Search Products

query {
  products(first: 10, query: "title:*shirt* AND status:ACTIVE") {
    nodes {
      id
      title
      status
    }
  }
}

Check Inventory

query GetInventory($id: ID!) {
  inventoryItem(id: $id) {
    id
    inventoryLevels(first: 5) {
      nodes {
        quantities(names: ["available"]) {
          name
          quantity
        }
        location { name }
      }
    }
  }
}

Error Handling

Always check responses:

errors array = GraphQL syntax issues
userErrors in mutations = validation problems

Best Practices

Request only needed fields to optimize response size
Use pagination for lists that may grow
Check userErrors in all mutation responses
Ask permission before dangerous operations
Format results clearly for the user
Use bulk operations for large data exports/imports
Handle rate limits with exponential backoff

Usage Guidance

This skill appears to be a comprehensive Shopify GraphQL reference and lists many powerful operations (including bulk exports, refunds, inventory adjustments, discount activation, and deletes). Before installing or enabling it, verify these points: 1) Where does the 'shopify_graphql' tool actually run? If it uses an MCP (managed) server, who operates that server and will your shop data (queries/responses) route through it? 2) How will credentials be provided and stored? The SKILL.md does not declare required env vars (e.g., SHOPIFY_STORE_DOMAIN, SHOPIFY_ADMIN_API_TOKEN) — insist on a clear mechanism that keeps credentials local or in a vetted secret store. 3) Confirm explicit confirmation UX for destructive operations (the skill documents permission checks, but you should verify the agent enforces them). 4) Because the references include bulk-export queries and customer data fields, avoid granting broad read/export scopes until you trust the tool’s operator and storage/retention policy. If the provider cannot answer how the shopify_graphql endpoint is hosted and how credentials are handled, treat the skill as high risk and do not install it.

Capability Analysis

Type: OpenClaw Skill Name: clawpify Version: 0.1.0 The OpenClaw AgentSkills skill bundle for Shopify GraphQL API is classified as benign. While it provides extensive capabilities to manage a Shopify store, including sensitive operations like creating/deleting products, adjusting inventory, processing refunds, and managing discounts, the `SKILL.md` and numerous `references/*.md` files consistently and explicitly instruct the AI agent to seek explicit user permission before executing any 'dangerous' or 'permanent' operations. This proactive instruction to the agent to involve the user for high-impact actions is a strong security feature, not a vulnerability, and there is no evidence of malicious execution, data exfiltration, persistence, or obfuscation.

Capability Assessment

⚠ Purpose & Capability

The name/description claim full Shopify Admin GraphQL capabilities, but the skill declares no required credentials, no primaryEnv, and no config paths — yet interacting with the Shopify Admin API requires a shop domain and an admin API access token (or equivalent OAuth credentials). The dependency on a 'shopify_graphql' tool is the only mechanism shown to reach Shopify, but its provenance is unspecified. This mismatch between claimed capability and declared required secrets is inconsistent and unexplained.

ℹ Instruction Scope

SKILL.md stays within the Shopify GraphQL domain: it provides queries/mutations, error-checking, pagination guidance, and explicit permission rules for destructive operations. It does not instruct reading arbitrary local files or unrelated environment state. However, it does not explain how credentials are supplied to the 'shopify_graphql' tool or how the tool handles requests/responses, which leaves an operational gap that affects security/privacy.

ℹ Install Mechanism

There is no install spec and no code files (instruction-only), which is low-risk in isolation. The notable item is the dependency listed: 'Tool: shopify_graphql (from MCP server or custom function)'. That indicates the skill expects either a remote managed component (MCP server) or a locally provided function; the remote option could route store data through an external server. The SKILL.md does not clarify whether traffic stays within the user's environment or is proxied via a third-party.

⚠ Credentials

No environment variables or credentials are declared, despite the skill requiring access to sensitive store data (products, orders, customers, inventory, refunds, bulk exports). This is disproportionate: at minimum the store domain and an admin API token (or OAuth client/secret) are needed. The absence of declared secrets and the vague external tool both raise the possibility that credentials would be requested or routed at runtime in an ad-hoc way, increasing the risk of credential leakage.

✓ Persistence & Privilege

The skill does not request persistent presence (always:false) and does not declare writes to agent/system configuration. Autonomous invocation is allowed (platform default). There is no explicit mechanism in the SKILL.md to persist credentials or modify other skills' settings.

Version History

v0.1.0

Initial release of the clawpify skill — seamless Shopify store management using the GraphQL Admin API. - Enables querying and managing products, orders, customers, inventory, discounts, and other Shopify data. - Integrates with the `shopify_graphql` tool for all operations. - Highlights critical actions that require explicit user permission (e.g., refunds, stock changes, deletions). - Provides clear instructions on queries, pagination, ID formatting, error handling, and best practices. - Includes a full reference to available resources and quick GraphQL example queries.

Metadata

Slug clawpify

Version 0.1.0

License —

All-time Installs 3

Active Installs 3

Total Versions 1

Frequently Asked Questions

What is Clawpify?

Query and manage Shopify stores via GraphQL Admin API. Use for products, orders, customers, inventory, discounts, and all Shopify data operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 2326 downloads so far.

How do I install Clawpify?

Run "/install clawpify" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawpify free?

Yes, Clawpify is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawpify support?

Clawpify is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawpify?

It is built and maintained by Alhwyn (@alhwyn); the current version is v0.1.0.

More Skills

Clawpify