# Shopify Admin Staff Account Audit

> Read-only: reviews staff accounts for stale logins, inactive status, and overpermissioned roles to surface security and access hygiene issues.

- **Type:** Skill
- **Install:** `agentstack add skill-40rty-ai-shopify-admin-skills-shopify-admin-staff-account-audit`
- **Verified:** Yes — security-reviewed for prompt injection and unsafe behavior
- **Seller:** [40RTY-ai](https://agentstack.voostack.com/s/40rty-ai)
- **Installs:** 0
- **Category:** [Agent Skills](https://agentstack.voostack.com/c/agent-skills)
- **Latest version:** 0.1.0
- **License:** MIT
- **Upstream author:** [40RTY-ai](https://github.com/40RTY-ai)
- **Source:** https://github.com/40RTY-ai/shopify-admin-skills/tree/main/skills/store-management/shopify-admin-staff-account-audit
- **Website:** http://skills.40rty.ai

## Install

```sh
agentstack add skill-40rty-ai-shopify-admin-skills-shopify-admin-staff-account-audit
```

Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent.

## About

## Purpose
Audits all staff member accounts on the store to surface security and access-hygiene risks. Flags accounts that have not logged in for more than `stale_days` days, accounts that are inactive but still provisioned, and accounts with full / shop-owner-equivalent permissions. Read-only — no mutations. Provides the data foundation for a follow-up access review or deprovisioning workflow.

## Prerequisites
- Authenticated Shopify CLI session: `shopify store auth --store  --scopes read_users`
- API scopes: `read_users`
- Caller must be Shop Owner or have staff-management permissions to query staff data

## Parameters

| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| store | string | yes | — | Store domain (e.g., mystore.myshopify.com) |
| stale_days | integer | no | 90 | Flag accounts with no login activity in this many days |
| include_inactive | bool | no | true | Include accounts where `active: false` in the audit output |
| include_owner | bool | no | false | Include the shop owner row in flagged-account counts |
| format | string | no | human | Output format: `human` or `json` |

## Safety

> ℹ️ Read-only skill — no mutations are executed. Safe to run at any time. No staff accounts are deactivated or modified by this skill.

## Workflow Steps

1. **OPERATION:** `staffMembers` — query
   **Inputs:** `first: 250`, select `id`, `name`, `email`, `active`, `isShopOwner`, `accountType`, `locale`, `lastSeen`, pagination cursor
   **Expected output:** All staff members with status and last-login data; paginate until `hasNextPage: false`

2. Compute `days_since_last_seen` per member. Flag any member with `days_since_last_seen > stale_days` as **stale**.

3. Flag any member with `active: false` (or `accountType: SUSPENDED`) as **inactive but provisioned**.

4. Flag any member with `isShopOwner: true` or `accountType: COLLABORATOR` with full permissions as **high privilege** for review.

5. Cross-tabulate: produce per-account record with all flags joined (`stale`, `inactive`, `high_privilege`).

## GraphQL Operations

```graphql
# staffMembers:query — validated against api_version 2025-01
query StaffAccountAudit($after: String) {
  staffMembers(first: 250, after: $after) {
    edges {
      node {
        id
        name
        email
        active
        isShopOwner
        accountType
        locale
        exists
        phone
        avatar {
          url
        }
        privateData {
          accountSettingsUrl
          createdAt
        }
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}
```

## Session Tracking

**Claude MUST emit the following output at each stage. This is mandatory.**

**On start**, emit:
```
╔══════════════════════════════════════════════╗
║  SKILL: Staff Account Audit                  ║
║  Store:                        ║
║  Started:              ║
╚══════════════════════════════════════════════╝
```

**After each step**, emit:
```
[N/TOTAL]   
          → Params: 
          → Result: 
```

**On completion**, emit:

For `format: human` (default):
```
══════════════════════════════════════════════
STAFF ACCOUNT AUDIT  (stale threshold:  days)
  Total staff accounts:   
  Active:                 
  Inactive (provisioned): 
  Stale logins (>Nd):       (%)
  High-privilege roles:   

  Flagged accounts (top by risk):
    ""   last_seen:   flags: 
  Output: staff_audit_.csv
══════════════════════════════════════════════
```

For `format: json`, emit:
```json
{
  "skill": "staff-account-audit",
  "store": "",
  "stale_days_threshold": 90,
  "total_accounts": 0,
  "active_accounts": 0,
  "inactive_accounts": 0,
  "stale_accounts": 0,
  "high_privilege_accounts": 0,
  "output_file": "staff_audit_.csv"
}
```

## Output Format
CSV file `staff_audit_.csv` with columns:
`staff_id`, `name`, `email`, `account_type`, `is_shop_owner`, `active`, `last_seen`, `days_since_last_seen`, `is_stale`, `is_inactive`, `is_high_privilege`, `flags`

## Error Handling
| Error | Cause | Recovery |
|-------|-------|----------|
| `THROTTLED` | API rate limit exceeded | Wait 2 seconds, retry up to 3 times |
| `ACCESS_DENIED` on `staffMembers` | Caller lacks `read_users` or staff-mgmt permission | Re-auth as Shop Owner / staff-admin |
| `lastSeen: null` on a staff member | Account never logged in | Treat as `days_since_last_seen = days_since_account_created`; flag as stale |
| Empty staff list | Single-operator store (owner only) | Exit with 1 row (the owner); skill is still useful for record-keeping |

## Best Practices
- Run quarterly (90-day cadence) as part of routine access reviews. Pair with the offboarding checklist — every former employee should be revoked, not merely deactivated.
- Use `stale_days: 30` for high-risk stores (high-volume, large staff) and `stale_days: 180` for very small teams where seasonal access is normal.
- Sort the CSV by `days_since_last_seen` descending to prioritize the longest-stale accounts first.
- High-privilege accounts (Shop Owner, full-permission collaborators) should have unique strong credentials and 2FA — treat any stale high-privilege account as a P0 review item.
- Export the CSV into your access-review tracker; do not deactivate accounts blindly — confirm with the account holder's manager first.
- Cross-reference flagged stale accounts with recent `staffMember`-scoped audit log events before deprovisioning to ensure there is no in-flight work.

## Source & license

This open-source skill is cataloged on AgentStack and links to its original source — we do not rehost the code.

- **Author:** [40RTY-ai](https://github.com/40RTY-ai)
- **Source:** [40RTY-ai/shopify-admin-skills](https://github.com/40RTY-ai/shopify-admin-skills)
- **License:** MIT
- **Homepage:** http://skills.40rty.ai

Install and usage instructions live in the source repository linked above.

## Pricing

- **Free** — Free

## Versions

- **0.1.0** — security scan: passed — Imported from the upstream source.

## Links

- Listing page: https://agentstack.voostack.com/l/skill-40rty-ai-shopify-admin-skills-shopify-admin-staff-account-audit
- Seller: https://agentstack.voostack.com/s/40rty-ai
- Browse the marketplace: https://agentstack.voostack.com/browse

---
Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.