mcp-audit
mcp-audit / servers / @shopify/dev-mcp

Is @shopify/dev-mcp safe?

listed, not verified   The mcp-audit verdict for @shopify/dev-mcp (npm), rendered from the same JSON the API serves.

Registry facts

MaintainerShopify
Verified publisherno
Entry last verified2026-05-02
Hash pins availableno
Repositoryhttps://github.com/Shopify/dev-mcp

Known vulnerabilities

No known CVEs recorded for this package.

What it can do

Capability tags come from mcp-audit's curated registry and drive its cross-server toxic-flow analysis.

Check your own machine

This page describes the public package. What matters is your deployment — run the full check locally:

pip install mcp-audit-scanner
mcp-audit check

Badge for your README

mcp-audit verdict badge

![mcp-audit](https://img.shields.io/endpoint?url=https://mcp-audit.dev/v1/badge/npm/at-shopify-dev-mcp.json)