Security Audit
shopify-development
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
shopify-development received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 2 critical, 2 high, 5 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Suspicious import: urllib.request.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shopify-development/scripts/shopify_init.py:196 | |
| CRITICAL | Unsanitized user input in subprocess.run leads to command injection The `shopify_init.py` script takes user input for `app_name` in the `create_app` method (line 200) and `theme_name` in the `create_theme` method (line 220) via the `self.prompt` function. This input is then directly passed as an argument to `subprocess.run` via `self.run_command` without any sanitization. An attacker could inject arbitrary shell commands by providing malicious input (e.g., `my_app; rm -rf /`) when prompted for the app or theme name, leading to arbitrary code execution on the host system. Sanitize user input before passing it to `subprocess.run`. Implement strict input validation to ensure that `app_name` and `theme_name` only contain allowed characters (e.g., alphanumeric, hyphens, underscores) and do not contain shell metacharacters. Alternatively, ensure that the `shopify` CLI itself properly sanitizes or escapes arguments when creating projects. | LLM | scripts/shopify_init.py:200 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/shopify-development/scripts/shopify_graphql.py:6 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'check_cli_installed'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shopify-development/scripts/shopify_init.py:196 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/shopify-development/scripts/shopify_graphql.py:20 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytest>=8.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shopify-development/scripts/requirements.txt:7 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytest-cov>=4.1.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shopify-development/scripts/requirements.txt:8 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytest-mock>=3.12.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/shopify-development/scripts/requirements.txt:9 | |
| MEDIUM | Skill accesses environment variables from parent directories The `EnvLoader.get_env_paths` method in `shopify_init.py` explicitly constructs paths to `.env` files in the skill's parent directories (`skill_dir.parent` and `skill_dir.parent.parent`). This allows the skill to load and potentially use environment variables (e.g., `SHOPIFY_API_KEY`, `SHOPIFY_API_SECRET`, `SHOP_DOMAIN`, `SCOPES`) that might be defined for a broader context (e.g., the entire agent or other skills) and not specifically intended for this skill. This could lead to the skill operating with excessive permissions or accessing sensitive data it shouldn't, potentially leading to data exfiltration if the skill were designed to transmit this data. Restrict `.env` file loading to only the skill's own directory (`skill_dir / '.env'`) unless there is a clear, documented need for broader access and the agent platform provides mechanisms to explicitly grant such access. If broader access is necessary, ensure that sensitive variables are not stored in higher-level `.env` files or that the skill only attempts to load variables specific to its own operation. | LLM | scripts/shopify_init.py:80 | |
| LOW | Unpinned Shopify CLI dependency recommended and used The skill's documentation (`SKILL.md`, line 47) and the `shopify_init.py` script (line 170) recommend/execute `npm install -g @shopify/cli@latest`. Additionally, `scripts/requirements.txt` mentions `npm install -g @shopify/cli @shopify/theme` in comments. Using `@latest` means that the exact version of the Shopify CLI is not pinned, which can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a malicious version is published to the npm registry. This introduces a supply chain risk. Pin the Shopify CLI dependency to a specific, known-good version (e.g., `@shopify/cli@3.50.0`) to ensure consistent behavior and reduce the risk of supply chain attacks. Regularly update the pinned version after reviewing release notes and security advisories. | LLM | SKILL.md:47 |
Scan History
Embed Code
[](https://skillshield.io/report/338f74b1749b35ed)
Powered by SkillShield