📦 Best Shopify Stores — 最佳 Shopify 商店

v1.0.1

最佳 Shopify 商店工具。

0· 104·0 当前·0 累计

by @fanyanggod

电商工具

下载技能包

最后更新

2026/4/2

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

medium confidence

The skill’s declared purpose, required API key, and use of an npm MCP server are internally consistent, but there are a few small concerns (an embedded install step and a global npm package) that merit review before installing.

评估建议

This skill appears to do what it says, but it includes an instruction to globally install and run a third‑party npm package (ppspy-mcp-server) that will execute on your machine and use your PPSPY_API_KEY. Before installing: 1) Inspect the npm package page and linked repository (maintainer, version history, issues). 2) Prefer installing in a sandboxed environment or container rather than globally if you’re unsure. 3) Check what network ports/processes the MCP server opens and what data it transmi...

详细分析 ▾

✓ 用途与能力

The skill is a Shopify-store discovery wrapper around PPSPY. Requiring PPSPY_API_KEY and listing npm (to install an MCP server) is coherent with that purpose.

ℹ 指令范围

SKILL.md only instructs the agent to use the PPSPY API and set PPSPY_API_KEY. However the metadata also includes an install block and an mcpServers entry that will run a local 'ppspy-mcp-server' process with the API key; this expands runtime behavior beyond a pure instruction-only skill and should be noted.

ℹ 安装机制

The SKILL.md requests a global npm install of 'ppspy-mcp-server@1.0.1'. Using npm is normal for Node-based tools, but global npm installs execute third-party code and modify the system PATH—verify the package source (npm package page, linked repository) before installing.

✓ 凭证需求

Only PPSPY_API_KEY is required and that matches the stated integration. No unrelated secrets or config paths are requested.

ℹ 持久化与权限

always is false (no forced inclusion). The skill’s MCP server will run as a local process (per mcpServers metadata), which could be long‑running or open network ports—this is not inherently malicious but increases runtime footprint compared with a simple API client.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/4/1

- Updated setup instructions for more precise onboarding. - Now includes links to both the real-time dashboard ([ppspy.com](https://www.ppspy.com/)) and the direct API management site ([api.ppspy.com](https://api.ppspy.com/)). - Clarifies where to obtain your API key and manage billing/recharge. - No changes to available features or tools.

● 无害

安装命令

点击复制

官方npx clawhub@latest install best-shopify-stores

镜像加速npx clawhub@latest install best-shopify-stores --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库