From shopify-admin-skills
Tags Shopify high-risk orders for manual review and optionally holds fulfillment to prevent shipping. Use after detecting fraud risks to create review queues.
npx claudepluginhub 40rty-ai/shopify-admin-skills --plugin shopify-admin-skillsThis skill uses the workspace's default tool permissions.
Queries recent high-risk orders and takes two protective actions: tags the order for staff visibility and optionally places a fulfillment hold to prevent the order from shipping until reviewed. Complements `order-risk-report` (which only reads) with write actions that create a reviewable queue.
Queries Shopify orders by fraud risk level (high/medium/all) with risk indicators like address mismatch or risky IP for manual review queues. Filters by date range and min value; outputs human/JSON.
Guides Shopify order management via GraphQL: lifecycle, FulfillmentOrder, returns/refunds, draft orders, editing, transactions, metafields, risk analysis.
Manages Shopify orders, customers, and fulfillments via GraphQL Admin API. Query orders, process fulfillments, handle customer records, create draft orders.
Share bugs, ideas, or general feedback.
Queries recent high-risk orders and takes two protective actions: tags the order for staff visibility and optionally places a fulfillment hold to prevent the order from shipping until reviewed. Complements order-risk-report (which only reads) with write actions that create a reviewable queue.
shopify store auth --store <domain> --scopes read_orders,write_orders,write_fulfillmentsread_orders, write_orders, write_fulfillments| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| store | string | yes | — | Store domain (e.g., mystore.myshopify.com) |
| days_back | integer | no | 1 | Lookback window (default: last 24 hours) |
| min_order_value | float | no | 0 | Only flag orders above this value |
| tag | string | no | fraud-review | Tag applied to flagged orders |
| hold_fulfillment | bool | no | true | Also place a fulfillment hold on flagged orders |
| hold_reason | string | no | UNKNOWN_PAYMENT_RISK | Fulfillment hold reason |
| dry_run | bool | no | true | Preview without executing mutations |
| format | string | no | human | Output format: human or json |
⚠️
fulfillmentOrderHoldprevents orders from being fulfilled until the hold is explicitly released. Customers will experience a shipping delay while on hold. Usehold_fulfillment: falseif you only want to tag without blocking fulfillment. Run withdry_run: trueto confirm the order list before committing. Release holds with theorder-hold-and-releaseskill after review.
OPERATION: orders — query
Inputs: query: "risk_level:high created_at:>='<NOW - days_back days>'", first: 250, select riskLevel, fulfillmentOrders, totalPriceSet
Expected output: High-risk orders in window
OPERATION: tagsAdd — mutation
Inputs: Order id, tags: [<tag>]
Expected output: Updated order tags; userErrors
OPERATION: fulfillmentOrderHold — mutation (if hold_fulfillment: true)
Inputs: fulfillmentOrderId, reason: <hold_reason>, reasonNotes: "High-risk order — awaiting fraud review"
Expected output: heldFulfillmentOrder { id, status }, userErrors
# orders:query — validated against api_version 2025-01
query HighRiskOrders($query: String!, $after: String) {
orders(first: 250, after: $after, query: $query) {
edges {
node {
id
name
riskLevel
totalPriceSet {
shopMoney {
amount
currencyCode
}
}
tags
fulfillmentOrders(first: 5) {
edges {
node {
id
status
}
}
}
customer {
id
displayName
numberOfOrders
}
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
# tagsAdd:mutation — validated against api_version 2025-01
mutation TagsAdd($id: ID!, $tags: [String!]!) {
tagsAdd(id: $id, tags: $tags) {
node {
id
}
userErrors {
field
message
}
}
}
# fulfillmentOrderHold:mutation — validated against api_version 2025-01
mutation FulfillmentOrderHold($id: ID!, $fulfillmentHold: FulfillmentOrderHoldInput!) {
fulfillmentOrderHold(id: $id, fulfillmentHold: $fulfillmentHold) {
fulfillmentOrder {
id
status
}
userErrors {
field
message
}
}
}
Claude MUST emit the following output at each stage. This is mandatory.
On start, emit:
╔══════════════════════════════════════════════╗
║ SKILL: High Risk Order Tagger ║
║ Store: <store domain> ║
║ Started: <YYYY-MM-DD HH:MM UTC> ║
╚══════════════════════════════════════════════╝
After each step, emit:
[N/TOTAL] <QUERY|MUTATION> <OperationName>
→ Params: <brief summary of key inputs>
→ Result: <count or outcome>
If dry_run: true, prefix every mutation step with [DRY RUN] and do not execute it.
On completion, emit:
For format: human (default):
══════════════════════════════════════════════
OUTCOME SUMMARY
High-risk orders found: <n>
Orders tagged: <n>
Fulfillment holds placed: <n>
Errors: <n>
Output: risk_tagging_<date>.csv
══════════════════════════════════════════════
For format: json, emit:
{
"skill": "high-risk-order-tagger",
"store": "<domain>",
"started_at": "<ISO8601>",
"dry_run": true,
"outcome": {
"orders_found": 0,
"tagged": 0,
"holds_placed": 0,
"errors": 0,
"output_file": "risk_tagging_<date>.csv"
}
}
CSV file risk_tagging_<YYYY-MM-DD>.csv with columns:
order_name, order_id, risk_level, total_price, currency, tag_applied, hold_placed, customer_name
| Error | Cause | Recovery |
|---|---|---|
THROTTLED | API rate limit exceeded | Wait 2 seconds, retry up to 3 times |
userErrors on hold | Order already fulfilled or hold already exists | Log as skipped, continue |
| No high-risk orders | Clean period | Exit with 0 flagged |
order-risk-report to review the risk indicators in detail before deciding to cancel or release.order-hold-and-release skill to minimize shipping delay.numberOfOrders > 3) are unlikely to be fraudulent — consider filtering them out with min_order_value or a separate query.