ucp

Warn

Audited by Socket on May 15, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill is purpose-aligned and its network flows appear consistent with official Shopify/UCP commerce operations, but it requires an unspecified external `ucp` binary and authorizes autonomous purchase actions. The main risk is trust in an unverifiable required CLI plus real-world transaction capability, not clear evidence of credential theft or malicious exfiltration.

Confidence: 84%Severity: 81%
Audit Metadata
Analyzed At
May 15, 2026, 08:14 PM
Package URL
pkg:socket/skills-sh/Shopify%2Fshopify-ai-toolkit%2Fucp%2F@43eb49252dc09b2aff465bdaf38bf91e53c7fbec