shopify-customer

SUSPICIOUS: The skill's stated Shopify Customer Account API purpose is coherent and same-org official docs support the API usage, but it mandates execution of two opaque local scripts that are not publicly verifiable. Scope is otherwise proportionate and no credential harvesting is evident, so this is not malicious; the main risk is execution trust and limited undisclosed telemetry behavior.