shopify-payments-apps

SUSPICIOUS. The core purpose aligns with Shopify Payments Apps development and the intended external data flow is first-party Shopify, which is a strong benign signal. However, the skill mandates execution of opaque local scripts with no verifiable provenance in the prompt, triggering a significant install/execution trust concern; telemetry from the validator is disclosed but not fully transparent. Overall this looks more like a legitimate vendor-authored skill with unverifiable local tooling than overtly malicious behavior.