Skip to main content

shopify-development

Enables the development of Shopify apps, extensions, and themes using GraphQL and Liquid for enhanced e-commerce functionality.

Install this skill

or
46/100

Security score

The shopify-development skill was audited on Feb 28, 2026 and we found 22 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 6

Webhook reference - potential data exfiltration

SourceSKILL.md
6"shopify theme", "liquid template", "polaris", "shopify graphql", "shopify webhook",
medium line 18

Webhook reference - potential data exfiltration

SourceSKILL.md
18- Implementing webhooks or billing
medium line 261

Webhook reference - potential data exfiltration

SourceSKILL.md
261## Webhook Configuration
low line 266

Webhook reference - potential data exfiltration

SourceSKILL.md
266[webhooks]
low line 269

Webhook reference - potential data exfiltration

SourceSKILL.md
269[[webhooks.subscriptions]]
low line 271

Webhook reference - potential data exfiltration

SourceSKILL.md
271uri = "/webhooks/orders"
low line 273

Webhook reference - potential data exfiltration

SourceSKILL.md
273[[webhooks.subscriptions]]
low line 275

Webhook reference - potential data exfiltration

SourceSKILL.md
275uri = "/webhooks/products"
low line 277

Webhook reference - potential data exfiltration

SourceSKILL.md
277# GDPR mandatory webhooks (required for app approval)
low line 278

Webhook reference - potential data exfiltration

SourceSKILL.md
278[webhooks.privacy_compliance]
low line 279

Webhook reference - potential data exfiltration

SourceSKILL.md
279customer_data_request_url = "/webhooks/gdpr/data-request"
low line 280

Webhook reference - potential data exfiltration

SourceSKILL.md
280customer_deletion_url = "/webhooks/gdpr/customer-deletion"
low line 281

Webhook reference - potential data exfiltration

SourceSKILL.md
281shop_deletion_url = "/webhooks/gdpr/shop-deletion"
medium line 299

Webhook reference - potential data exfiltration

SourceSKILL.md
299- Always verify webhook HMAC signatures before processing
medium line 330

Webhook reference - potential data exfiltration

SourceSKILL.md
330**IF webhook is not receiving events:**
medium line 331

Webhook reference - potential data exfiltration

SourceSKILL.md
331→ Verify the webhook URL is publicly accessible
medium line 333

Webhook reference - potential data exfiltration

SourceSKILL.md
333→ Review webhook logs in Partner Dashboard
medium line 346

Webhook reference - potential data exfiltration

SourceSKILL.md
346- `references/app-development.md` - OAuth authentication flow, GraphQL mutations for products/orders/billing, webhook handlers, billing API integration
low line 361

External URL reference

SourceSKILL.md
361- Shopify Developer Docs: https://shopify.dev/docs
low line 362

External URL reference

SourceSKILL.md
362- GraphQL Admin API Reference: https://shopify.dev/docs/api/admin-graphql
low line 363

External URL reference

SourceSKILL.md
363- Shopify CLI Reference: https://shopify.dev/docs/api/shopify-cli
low line 364

External URL reference

SourceSKILL.md
364- Polaris Design System: https://polaris.shopify.com
Scanned on Feb 28, 2026
View Security Dashboard
Installation guide →
GitHub Stars 508
Rate this skill
Categorydevelopment
UpdatedApril 10, 2026
openclawfrontendapibackendfrontend-developerproduct-marketergrowth-marketerux-designerproduct-managerdevelopmentmarketingdesignproduct
Dicklesworthstone/pi_agent_rust