Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

avilocap/shopfleet-cli

Name: shopfleet-cli
Author: avilocap

skills/shopfleet-cli/SKILL.md

npx skillsauth add avilocap/shopify-admin-cli shopfleet-cli

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Shopfleet CLI

Use this skill when the task is about the local Shopify CLI in this repository.

This repo currently exposes the shopfleet CLI from src/index.ts. It manages Shopify stores through Admin GraphQL and supports both read commands and write commands. Other agents may not have the repository AGENTS.md, so this skill carries the operating rules that matter most.

Quick Rules

Treat src/commands, targeted --help, and live CLI behavior as the ground truth. Use README.md for examples and workflow context. If docs diverge, trust the code and help output.
Run commands from the repo root. Prefer node dist/index.js ... when dist/ is present and up to date. If behavior looks stale, rebuild or use npm run dev -- ....
Do not print or log secrets. Store config may contain clientSecret or legacy accessToken.
Assume configured aliases may be real stores, often production stores. Before any write command, confirm the target alias and the intended effect.
For config-only validation, use a temporary alias with fake credentials and remove it when done.
When a command contract or method behavior changes, update code, --help, README.md, AGENTS.md, and the relevant files under skills/ together when applicable.
Keep solutions small. Stay on the supported surface; do not introduce traffic, conversion, abandonment, marketing analytics, webhooks, or bulk operations unless explicitly requested.

Safe Workflow

1. Discover the current state

Start with:

node dist/index.js --help
node dist/index.js config list

config list is safe and shows the configured aliases plus the config file path. Treat existing aliases as real stores unless the user gives you better context.

Store config lives at ~/.shopfleet/stores.json and the CLI migrates from ~/.store-manager/stores.json automatically.

2. Classify the task

Read-only task: shop info, list/get/search commands, metafield reads, analytics, and other non-mutating reads are generally safe on an existing configured alias.
Local config task: config add, config remove, config set-default, and config migration work can be tested locally without touching Shopify if you use fake credentials.
Write task: product create/update/delete, product variant updates, collection updates, order cancel, gift card create, page create, blog article create, refund, inventory adjust/set, metafield set/delete, fulfillment create/tracking, and discount create all mutate store data. Production use is valid, but these commands should be executed deliberately against the intended alias.

3. Choose the safest validation path

Prefer this order:

--help and source inspection
local validation paths that fail before any network write
read-only commands on a configured alias
temporary config aliases with fake credentials for config workflows
real write operations only when the target store and the intended mutation are clear

Good safe probes:

node dist/index.js orders cancel 1234567890
node dist/index.js config add skill-temp --domain example-dev-store.myshopify.com --client-id fake --client-secret fake
node dist/index.js config remove skill-temp

orders cancel refuses to proceed without --force, which is a useful guardrail check that does not perform the cancellation.

4. When you do need live behavior

Use read-only commands first when you need to understand the current store state:

node dist/index.js shop info --store <alias>
node dist/index.js products list --store <alias> --limit 1

Prefer --format table when you want concise terminal inspection and --format json when you need structured output for reasoning or comparison.

Implementation Notes

The HTTP client uses native fetch in src/client.ts.
Default Shopify API version is pinned in code and can be overridden with SHOPIFY_API_VERSION.
Auth supports either clientId + clientSecret or legacy accessToken.
The CLI talks to Shopify Admin GraphQL and keeps analytics read-only through ShopifyQL.
Shopify taxonomy categories are read-only references from Shopify; product commands may assign, filter, or clear a product category, but they do not mutate the taxonomy itself.
Collection title changes do not change the handle automatically; handle updates should be explicit and may optionally request a redirect.
The config layer normalizes domains and requires the Shopify admin domain in *.myshopify.com format.

Editing Workflow

When changing behavior:

Inspect the target command in src/commands.
Inspect the corresponding GraphQL helper in src/graphql if the command hits Shopify.
Keep behavior explicit and names clear. Avoid premature abstractions.
Update help text examples and identifier notes with addHelpText("after", ...).
If the command contract or method behavior changed, update README.md, AGENTS.md, and the relevant repository skill docs under skills/.

Then verify:

npm run build
npm run typecheck
npm test

Reference Files

Command surface, identifier rules, and mutation notes: references/cli-contract.md

avilocap/shopfleet-cli

skills/shopfleet-cli/SKILL.md

Use when working with the Shopfleet/store-manager Shopify CLI in this repository: exploring commands, running the local CLI safely, updating command contracts, debugging command behavior, or adding new CLI features.

tools

Updated Apr 3, 2026

$ install --global

skillsauth

npx skillsauth add avilocap/shopify-admin-cli shopfleet-cli

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 3:18 PM1.6s1 file scanned

SKILL.md

name:: shopfleet-cli
description:: Use when working with the Shopfleet/store-manager Shopify CLI in this repository: exploring commands, running the local CLI safely, updating command contracts, debugging command behavior, or adding new CLI features.

Shopfleet CLI

Use this skill when the task is about the local Shopify CLI in this repository.

Quick Rules

Treat src/commands, targeted --help, and live CLI behavior as the ground truth. Use README.md for examples and workflow context. If docs diverge, trust the code and help output.
Run commands from the repo root. Prefer node dist/index.js ... when dist/ is present and up to date. If behavior looks stale, rebuild or use npm run dev -- ....
Do not print or log secrets. Store config may contain clientSecret or legacy accessToken.
Assume configured aliases may be real stores, often production stores. Before any write command, confirm the target alias and the intended effect.
For config-only validation, use a temporary alias with fake credentials and remove it when done.
When a command contract or method behavior changes, update code, --help, README.md, AGENTS.md, and the relevant files under skills/ together when applicable.
Keep solutions small. Stay on the supported surface; do not introduce traffic, conversion, abandonment, marketing analytics, webhooks, or bulk operations unless explicitly requested.

Safe Workflow

1. Discover the current state

Start with:

node dist/index.js --help
node dist/index.js config list

config list is safe and shows the configured aliases plus the config file path. Treat existing aliases as real stores unless the user gives you better context.

Store config lives at ~/.shopfleet/stores.json and the CLI migrates from ~/.store-manager/stores.json automatically.

2. Classify the task

Read-only task: shop info, list/get/search commands, metafield reads, analytics, and other non-mutating reads are generally safe on an existing configured alias.
Local config task: config add, config remove, config set-default, and config migration work can be tested locally without touching Shopify if you use fake credentials.
Write task: product create/update/delete, product variant updates, collection updates, order cancel, gift card create, page create, blog article create, refund, inventory adjust/set, metafield set/delete, fulfillment create/tracking, and discount create all mutate store data. Production use is valid, but these commands should be executed deliberately against the intended alias.

3. Choose the safest validation path

Prefer this order:

--help and source inspection
local validation paths that fail before any network write
read-only commands on a configured alias
temporary config aliases with fake credentials for config workflows
real write operations only when the target store and the intended mutation are clear

Good safe probes:

node dist/index.js orders cancel 1234567890
node dist/index.js config add skill-temp --domain example-dev-store.myshopify.com --client-id fake --client-secret fake
node dist/index.js config remove skill-temp

orders cancel refuses to proceed without --force, which is a useful guardrail check that does not perform the cancellation.

4. When you do need live behavior

Use read-only commands first when you need to understand the current store state:

node dist/index.js shop info --store <alias>
node dist/index.js products list --store <alias> --limit 1

Prefer --format table when you want concise terminal inspection and --format json when you need structured output for reasoning or comparison.

Implementation Notes

The HTTP client uses native fetch in src/client.ts.
Default Shopify API version is pinned in code and can be overridden with SHOPIFY_API_VERSION.
Auth supports either clientId + clientSecret or legacy accessToken.
The CLI talks to Shopify Admin GraphQL and keeps analytics read-only through ShopifyQL.
Shopify taxonomy categories are read-only references from Shopify; product commands may assign, filter, or clear a product category, but they do not mutate the taxonomy itself.
Collection title changes do not change the handle automatically; handle updates should be explicit and may optionally request a redirect.
The config layer normalizes domains and requires the Shopify admin domain in *.myshopify.com format.

Editing Workflow

When changing behavior:

Inspect the target command in src/commands.
Inspect the corresponding GraphQL helper in src/graphql if the command hits Shopify.
Keep behavior explicit and names clear. Avoid premature abstractions.
Update help text examples and identifier notes with addHelpText("after", ...).
If the command contract or method behavior changed, update README.md, AGENTS.md, and the relevant repository skill docs under skills/.

Then verify:

npm run build
npm run typecheck
npm test

Reference Files

Command surface, identifier rules, and mutation notes: references/cli-contract.md

Related Skills

openclaw/taskflow

tools

VerifiedTrustedCommunity

Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/extensions/lobster

tools

VerifiedTrustedCommunity

# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/extensions/lobster

steipete/extensions/lobster

tools

VerifiedTrustedCommunity

357,588SKILL.mdUpdated Apr 13, 2026

steipete/extensions/lobster

steipete/xurl

tools

VerifiedTrustedCommunity

A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.

356,423SKILL.mdUpdated Apr 13, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/avilocap/shopify-admin-cli.git

# Copy into Claude Code skills folder (global)
cp -r shopify-admin-cli/skills/shopfleet-cli ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

avilocap/shopify-admin-cli

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT