Frappecli
v0.1.1
CLI for Frappe Framework / ERPNext instances. Use when user asks about "Frappe", "ERPNext", "doctypes", "Frappe API", or needs to manage documents, files, reports, or call RPC methods on a Frappe site.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Frappe CLI for ERPNext) matches the SKILL.md: it documents commands for doctype, document CRUD, files, reports, and RPC calls. No unrelated services, binaries, or credentials are requested by the skill bundle itself.
Instruction Scope
The SKILL.md instructs the user/agent to install and run a CLI that interacts with remote Frappe sites and to create a config file at ~/.config/frappecli/config.yaml containing api_key/api_secret. This is expected for a remote-API CLI, but it does mean the agent will (if invoked) read/write a config file with secrets and will make network calls to the configured sites. The SKILL.md does not direct the agent to read other system files or unrelated environment variables.
Install Mechanism
The skill bundle is instruction-only (no install spec) so nothing in the skill will be written to disk by default. The documentation suggests installing via a third-party Homebrew tap or cloning a GitHub repo and using pip; both are common but should be verified by the user. One command in the instructions ('uv sync') is unusual and may refer to a specific tool — verify what 'uv' is before running.
Credentials
The bundle declares no environment variables or credentials. The SKILL.md expects API keys and secrets placed in the CLI config file for the Frappe sites, which is proportional to the described functionality and typical for this kind of tool.
Persistence & Privilege
always:false and default autonomy settings are used (agent may invoke the skill when relevant). This is normal for skills that interact with external services. There is no request to modify other skills or system-wide settings.
Assessment
This skill appears internally consistent, but take basic precautions before installing or using it:
1) Verify the Homebrew tap and GitHub repository (pasogott/frappecli) are the authentic sources you expect.
2) Inspect the repository code (and the Homebrew formula) before installing to confirm there are no surprises.
3) When creating ~/.config/frappecli/config.yaml, use least-privilege API keys limited to the actions needed and set tight file permissions (e.g., 600) so secrets aren't world-readable.
4) Be cautious about running unfamiliar commands (the SKILL.md includes an unusual 'uv sync' step—clarify what that does).
5) Remember the CLI issues network requests and can run RPCs on your Frappe sites—avoid giving it keys for highly privileged accounts until you've audited the code and source.
If you want additional confidence, ask the publisher for a signed release or a link to an official project homepage before installing.
Like a lobster shell, security has layers — review code before you run it.
latestvk97c7tjk0gbtp6a6ww926vy4757yvmbw
