Shopify Order Management
Author: Muhammad H.M. Alvi · v1.0.2
574 total downloads · 0 favorites · 1 current install · 3 versions
Install in OpenClaw
/install shopify-order-management
Description
Shopify order lifecycle management with new order handling, status sync, low-stock alerts, abandoned cart recovery, and daily sales reports. 5 production-rea...
Security usage recommendations
This package appears to do what it says: import the JSON workflows into your self-hosted n8n, provide a Shopify access token and webhook secret, create the Orders Google Sheet, and configure SMTP for emails. Before installing:
(1) Verify and set SHOPIFY_ORDERS_SHEET_ID (the registry metadata omitted it);
(2) Use least-privilege Shopify credentials (scopes limited to read_orders, read_products, read_checkouts or narrower as needed) and rotate them if possible;
(3) Test webhook HMAC verification — the code uses JSON.stringify(body) which can fail depending on how your webhook raw body is presented; prefer verifying against the raw request body where possible;
(4) Ensure your SMTP credentials are stored securely in n8n (do not bake them into environment variables in shared hosts);
(5) Review privacy/consent for sending abandoned-cart emails to customers and follow applicable laws (CAN-SPAM, GDPR);
(6) Import workflows only into a trusted n8n instance since code nodes execute JavaScript and will run with whatever access your n8n instance has.
If you want higher assurance, ask the publisher to: include SHOPIFY_ORDERS_SHEET_ID in the registry metadata, confirm HMAC verification method, and provide a small README that maps each n8n credential to the minimal required scopes.
Functional analysis
Type: OpenClaw Skill
Name: shopify-order-management
Version: 1.0.2
The OpenClaw skill bundle for Shopify order management appears benign. All five n8n workflows (`01-new-order-handler.json`, `02-order-status-sync.json`, `03-low-stock-alert.json`, `04-abandoned-cart-recovery.json`, `05-daily-sales-report.json`) perform their stated functions using legitimate Shopify Admin API endpoints and Google Sheets/SMTP integrations. The custom JavaScript code nodes are used for data parsing, filtering, and aggregation, including a proper HMAC signature verification for Shopify webhooks. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution, persistence mechanisms, or prompt injection attempts in the `SKILL.md` or workflow definitions. All requested environment variables and credentials are directly relevant to the skill's described functionality.
Capability assessment
Purpose & Capability
The name/description (Shopify order lifecycle automation) matches the workflows and required items: Shopify API access, webhook secret, admin email, and a low-stock threshold. The skill depends on Google Sheets and SMTP n8n credentials (declared in SKILL.md metadata) which are expected for logging and email. One minor inconsistency: the SKILL.md and workflows reference SHOPIFY_ORDERS_SHEET_ID (Google Sheet ID) but that env var is not listed in the registry's top-level required env vars — you'll need to supply it or convert the placeholder to an n8n credential/setting.
Instruction Scope
All instructions and embedded code run n8n workflows that call Shopify admin API endpoints, write to Google Sheets (via n8n credentials), and send mail via SMTP. The workflows only reference Shopify, Google Sheets, and SMTP; they do not instruct reading arbitrary local files or contacting unexpected external endpoints. Note: webhook HMAC verification is implemented in code nodes (using JSON.stringify on the body), which is a functional detail to test (Shopify HMAC should be computed over the raw request body).
Install Mechanism
Instruction-only skill with no install spec and no external downloads — nothing is written to disk by the skill package itself. Workflows are imported into n8n; that import is the normal, low-risk operation for this type of automation.
Credentials
Requested environment variables (SHOPIFY_STORE_URL, SHOPIFY_ACCESS_TOKEN, SHOPIFY_WEBHOOK_SECRET, SHOPIFY_ADMIN_EMAIL, LOW_STOCK_THRESHOLD) are appropriate for the stated tasks. The SKILL.md also expects SHOPIFY_ORDERS_SHEET_ID but it was omitted from the registry's required env list — a mismatch to fix. The skill does not request unrelated credentials (no cloud provider keys, etc.). Google Sheets and SMTP are handled via n8n credentials rather than raw env secrets in the registry, which is appropriate.
Persistence & Privilege
The skill is not flagged as always: true and has no install-time persistence. It will only run when the user imports and enables the workflows in their n8n instance. Autonomous invocation within n8n is expected behavior for workflows; there is no cross-skill config modification or system-wide privilege requested.
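How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install shopify-order-management
- After installation, invoke the Skill directly by name or use /shopify-order-management to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output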
Version history
v1.0.2
Fix: strip residual n8n metadata, fix process.env to $env, add webhook HMAC validation, add crosspost auth
v1.0.1
Fix: declare all env vars used in workflows in requires.env metadata for security scan compliance
v1.0.0
Initial release: Shopify order lifecycle management with 5 n8n workflows
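FAQ
What is Shopify Order Management?
Shopify order lifecycle management with new order handling, status sync, low-stock alerts, abandoned cart recovery, and daily sales reports. 5 production-rea... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 574 cumulative downloads to date.
How do I install Shopify Order Management?
Run the command "/install shopify-order-management" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Shopify Order Management free?
Yes, Shopify Order Management is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Shopify Order Management support?
Shopify Order Management runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).
Who developed Shopify Order Management?
It is developed and maintained by Muhammad H.M. Alvi (@mhmalvi); the current version is v1.0.2.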