shopify-api-graphql
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a dedicated Shopify GraphQL API integration for store admin and storefront operations. It explicitly supports order processing, cart operations, checkouts and fulfillment via the Admin and Storefront APIs — actions that create and complete purchases (i.e., initiate/capture transactions). Although it doesn't name external gateways like Stripe, Shopify's Admin/Storefront APIs are specific e-commerce/payment-capable APIs (including transactional mutations) rather than generic tooling. Under the guideline to flag tools whose primary/explicit definition is to move money (send transactions / process orders), this skill grants direct financial execution capability.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata