ucp
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill is purpose-aligned and its network flows appear consistent with official Shopify/UCP commerce operations, but it requires an unspecified external `ucp` binary and authorizes autonomous purchase actions. The main risk is trust in an unverifiable required CLI plus real-world transaction capability, not clear evidence of credential theft or malicious exfiltration.
Confidence: 84%Severity: 81%
Audit Metadata