📦

shopify-development

Name: shopify-development
Author: sickn33

Riesgo bajo ⚙️ Comandos externos🌐 Acceso a red🔑 Variables de entorno📁 Acceso al sistema de archivos

Build Shopify apps, extensions, themes using GraphQL Admin API, Shopify CLI, Polaris UI, and Liquid.

Soporta: Claude Codex Code(CC)

🥈 78 Plata

1

Descargar el ZIP de la skill

2

Subir en Claude

Ve a Configuración → Capacidades → Skills → Subir skill

3

Activa y empieza a usar

Pruébalo

"test.default"

Resultado esperado:

Auditoría de seguridad

Riesgo bajo

v1 • 2/25/2026

Static analyzer flagged 553 potential issues, but evaluation confirms these are FALSE POSITIVES for legitimate Shopify development patterns. External commands are Shopify CLI tooling (shopify app/theme init, dev, deploy). Network calls target official Shopify domains (shopify.dev, myshopify.com). Environment access stores standard API credentials (SHOPIFY_API_KEY, SHOPIFY_API_SECRET). The skill follows Shopify best practices with OAuth CSRF protection and secure credential handling. Low risk due to legitimate development tooling usage.

10

Archivos escaneados

3,388

Líneas analizadas

7

hallazgos

1

Auditorías totales

Problemas de riesgo bajo (3)

SKILL.md:46-74 scripts/shopify_init.py:296-306

External Command Execution - Shopify CLI

The skill executes Shopify CLI commands via subprocess. These are legitimate development tooling commands (shopify app init, shopify theme dev) but represent external code execution.

references/app-development.md:12-72 scripts/shopify_graphql.py:70

Network Access - Shopify API Endpoints

The skill makes HTTP requests to Shopify domains (myshopify.com, shopify.dev) for OAuth authentication and GraphQL API operations.

references/app-development.md:48-49 scripts/shopify_init.py:21-22

Environment Variable Access - API Credentials

The skill reads environment variables for Shopify API credentials (SHOPIFY_API_KEY, SHOPIFY_API_SECRET). This is standard practice but requires secure environment configuration.