Shopify MCP
MCP server for Shopify Admin GraphQL API — products, orders, customers, inventory, metafields, and fulfillment management
Score Breakdown
Server Info
- Package
- shopify-mcp
- Registry
- npm
- Repository
- GeLi2001/shopify-mcp
- Maintainer
- Community
- Category
- E-commerce
- Tags
- storeproductsorders
- Last Scanned
- 7 Apr 2026
Findings
6 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Supports two auth modes: (1) static access token via SHOPIFY_ACCESS_TOKEN env var, or (2) OAuth client credentials flow via SHOPIFY_CLIENT_ID + SHOPIFY_CLIENT_SECRET with automatic token refresh. Token is exchanged for a short-lived access token from Shopify's admin OAuth endpo... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Permission Granularity
MEDIUM2 tools combine read and write operations
Good separation of read and write operations. Destructive operations (delete-product, delete-customer, order-cancel, customer-merge, delete-metafields, delete-product-variants) are in separate tools. Mixed tools: manage-customer-address and manage-tags combine create/update/delete via action param. Descriptions generally specify scope though some are terse (e.g. 'Delete a product', 'Delete a customer').
Split into separate read and write tools.
LLM Safety
MEDIUM3 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by GeLi2001
No official vendor backing.
Seek vendor verification.
HIGH28 dependency vulnerabilities (1 critical, 20 high)
npm audit found 1 critical and 20 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
44 total| Name | Description | Risk |
|---|---|---|
| get-products | Get all products or search by title | read |
| get-product-by-id | Get a specific product by ID | read |
| create-product | Create a new product. When using productOptions, Shopify registers all option values but only creates one default variant (first value of each option, price $0). Use manage-product-variants with strategy=REMOVE_STANDALONE_VARIANT afterward to create all real variants with prices. | write |
| update-product | Update an existing product's fields (title, description, status, tags, etc.) | write |
| delete-product | Delete a product | admin |
| manage-product-variants | Create, update, or delete product variants with a strategy-based approach | write |
| delete-product-variants | Delete one or more variants from a product | admin |
| manage-product-options | Add, update, or reorder product options (e.g. Size, Color) | write |
| get-orders | Get orders with optional filtering by status | read |
| get-order-by-id | Get a specific order by ID | read |
| update-order | Update an existing order with new information | write |
| create-draft-order | Create a draft order with line items, customer, and shipping details | write |
| complete-draft-order | Complete a draft order, converting it to a real order | write |
| order-cancel | Cancel an order with options for refunding, restocking inventory, and customer notification. Cancellation is irreversible. | admin |
| order-close-open | Close or re-open an order | write |
| order-mark-as-paid | Mark an order as paid manually | write |
| create-fulfillment | Create a fulfillment (mark items as shipped) with optional tracking info and customer notification. | write |
| refund-create | Create a full or partial refund for an order with optional restocking and shipping refund. | write |
| get-customers | Get customers or search by name/email | read |
| get-customer-by-id | Get a single customer by ID | read |
| get-customer-orders | Get orders for a specific customer | read |
| create-customer | Create a new customer | write |
| update-customer | Update a customer's information | write |
| delete-customer | Delete a customer | admin |
| customer-merge | Merge two customer records into one. Optionally override which fields to keep from which customer. | admin |
| manage-customer-address | Create, update, or delete a customer's mailing address. Can optionally set as default. | write |
| get-metafields | Get metafields for any Shopify resource by GID | read |
| set-metafields | Set metafields on any Shopify resource (products, orders, customers, variants, collections, etc.). Creates or updates up to 25 metafields atomically. | write |
| delete-metafields | Delete one or more metafields by GID | admin |
| manage-tags | Add or remove tags on any taggable resource (orders, products, customers, draft orders, articles). | write |
| inventory-set-quantities | Set absolute inventory quantities for items at specific locations. Use for inventory corrections, cycle counts, etc. | write |
| get-shop-info | Get shop configuration including name, plan, currencies, features, payment settings, tax config, and contact info | read |
| get-metafield-definitions | Get metafield definitions for a given owner type (e.g. PRODUCT, ORDER, CUSTOMER) | read |
| get-locations | Get all shop locations with address and fulfillment details | read |
| get-markets | Get all markets (regions) configured for the shop | read |
| get-collections | Get collections with optional filtering and pagination | read |
| get-order-transactions | Get payment transactions for an order including amounts, gateway, status, and authorization details | read |
| get-fulfillment-orders | Get fulfillment orders for an order, showing what needs to be fulfilled and at which locations | read |
| get-order-refund-details | Get detailed refund information for an order including line items, amounts, and restocking details | read |
| get-collection-by-id | Get a single collection by ID with its products | read |
| get-inventory-levels | Get inventory levels for specific items at locations | read |
| get-inventory-items | Get inventory item details (cost, country of origin, HS code) for product variants | read |
| get-price-lists | Get price lists for international pricing (B2B catalogs, market-specific pricing) | read |
| get-product-variants-detailed | Get detailed variant information for a product including inventory, pricing, and option values | read |
Deploy Shopify MCP securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow