shopify-api

Provides a comprehensive guide for integrating with Shopify APIs, including authentication and data fetching for e-commerce applications.

Security score: 0/100

The shopify-api skill was audited on Feb 28, 2026 and we found 44 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium line 132

Template literal with variable interpolation in command context

Source: SKILL.md
    `https://${store}.myshopify.com/admin/api/2025-10/graphql.json`,
medium line 236

Template literal with variable interpolation in command context

Source: SKILL.md
    `https://${store}.myshopify.com/admin/api/2025-10/products.json?limit=50`,
medium line 331

Template literal with variable interpolation in command context

Source: SKILL.md
    .map(key => `${key}=${params[key]}`)
medium line 363

Template literal with variable interpolation in command context

Source: SKILL.md
    `https://${shop}/admin/oauth/access_token`,
medium line 774

Template literal with variable interpolation in command context

Source: SKILL.md
    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
low line 543

Fetch to external URL

Source: SKILL.md
    fetch('/cart.js')
low line 555

Fetch to external URL

Source: SKILL.md
    fetch('/cart/add.js', {
low line 578

Fetch to external URL

Source: SKILL.md
    fetch('/cart/change.js', {
low line 592

Fetch to external URL

Source: SKILL.md
    fetch('/cart/clear.js', { method: 'POST' })
low line 599

Fetch to external URL

Source: SKILL.md
    fetch('/cart/update.js', {
low line 834

Fetch to external URL

Source: SKILL.md
    fetch('/cart.js')
low line 835

Fetch to external URL

Source: SKILL.md
    fetch('/cart/add.js', { method: 'POST', body: ... })
low line 836

Fetch to external URL

Source: SKILL.md
    fetch('/cart/change.js', { method: 'POST', body: ... })
medium line 3

Webhook reference - potential data exfiltration

Source: SKILL.md
    description: Complete API integration guide for Shopify including GraphQL Admin API, REST Admin API, Storefront API, Ajax API, OAuth authentication, rate limiting, and webhooks. Use when making API ca
medium line 8

Webhook reference - potential data exfiltration

Source: SKILL.md
    Expert guidance for all Shopify APIs including GraphQL Admin API, REST Admin API, Storefront API, Ajax API, authentication, and webhooks.
medium line 19

Webhook reference - potential data exfiltration

Source: SKILL.md
    - Setting up webhooks for event handling
medium line 614

Webhook reference - potential data exfiltration

Source: SKILL.md
    ### 7. Webhooks
medium line 618

Webhook reference - potential data exfiltration

Source: SKILL.md
    **Common Webhooks:**
medium line 648

Webhook reference - potential data exfiltration

Source: SKILL.md
    **Register Webhook (GraphQL):**
low line 650

Webhook reference - potential data exfiltration

Source: SKILL.md
    mutation CreateWebhook($input: WebhookSubscriptionInput!) {
low line 651

Webhook reference - potential data exfiltration

Source: SKILL.md
    webhookSubscriptionCreate(input: $input) {
low line 652

Webhook reference - potential data exfiltration

Source: SKILL.md
    webhookSubscription {
low line 657

Webhook reference - potential data exfiltration

Source: SKILL.md
    ... on WebhookHttpEndpoint {
low line 675

Webhook reference - potential data exfiltration

Source: SKILL.md
    "webhookSubscription": {
low line 676

Webhook reference - potential data exfiltration

Source: SKILL.md
    "callbackUrl": "https://your-app.com/webhooks/orders",
medium line 683

Webhook reference - potential data exfiltration

Source: SKILL.md
    **Handle Webhook (Node.js/Express):**
low line 685

Webhook reference - potential data exfiltration

Source: SKILL.md
    app.post('/webhooks/orders', async (req, res) => {
low line 686

Webhook reference - potential data exfiltration

Source: SKILL.md
    // Verify webhook HMAC
low line 691

Webhook reference - potential data exfiltration

Source: SKILL.md
    .createHmac('sha256', SHOPIFY_WEBHOOK_SECRET)
medium line 796

Webhook reference - potential data exfiltration

Source: SKILL.md
    3. **Verify webhook HMAC** - Security critical
medium line 803

Webhook reference - potential data exfiltration

Source: SKILL.md
    10. **Respond to webhooks quickly** - Within 5 seconds
medium line 809

Webhook reference - potential data exfiltration

Source: SKILL.md
    - **[references/webhook-payloads.md](references/webhook-payloads.md)** - Webhook payload structures
low line 33

External URL reference

Source: SKILL.md
    POST https://{store}.myshopify.com/admin/api/2025-10/graphql.json
low line 132

External URL reference

Source: SKILL.md
    `https://${store}.myshopify.com/admin/api/2025-10/graphql.json`,
low line 218

External URL reference

Source: SKILL.md
    https://{store}.myshopify.com/admin/api/2025-10/
low line 236

External URL reference

Source: SKILL.md
    `https://${store}.myshopify.com/admin/api/2025-10/products.json?limit=50`,
low line 297

External URL reference

Source: SKILL.md
    GET https://{shop}.myshopify.com/admin/oauth/authorize?
low line 345

External URL reference

Source: SKILL.md
    POST https://{shop}.myshopify.com/admin/oauth/access_token
low line 363

External URL reference

Source: SKILL.md
    `https://${shop}/admin/oauth/access_token`,
low line 434

External URL reference

Source: SKILL.md
    POST https://{store}.myshopify.com/api/2025-10/graphql.json
low line 676

External URL reference

Source: SKILL.md
    "callbackUrl": "https://your-app.com/webhooks/orders",
low line 822

External URL reference

Source: SKILL.md
    POST https://{store}.myshopify.com/admin/api/2025-10/graphql.json
low line 826

External URL reference

Source: SKILL.md
    GET https://{store}.myshopify.com/admin/api/2025-10/products.json
low line 830

External URL reference

Source: SKILL.md
    POST https://{store}.myshopify.com/api/2025-10/graphql.json
Scanned on Feb 28, 2026