Frappecli
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is a straightforward Frappe/ERPNext CLI reference, but it can use ERP API credentials to make real changes to business data if the user runs the documented commands.
Install this only if you trust the external frappecli project and understand that the configured API keys may let the agent run commands against your Frappe/ERPNext site. Use staging first, limit credential permissions, and manually review delete, update, upload, export, and RPC commands before using them on production.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with powerful ERP credentials, the CLI could change or delete records or trigger server-side actions.
The skill documents commands that can create, update, delete, and invoke RPC methods on a Frappe/ERPNext site. This is aligned with the stated CLI purpose, but these are high-impact operations on business systems.
frappecli doc create Customer ...
frappecli doc update Customer CUST-001 ...
frappecli doc delete Customer CUST-001
...
frappecli rpc myapp.api.process_data --args '{"doc_id":"DOC-001"}'Use least-privilege API keys where possible and confirm destructive or RPC commands before running them, especially against production.
Anyone or any process able to use those credentials may access or modify ERP data according to the key's permissions.
The skill requires Frappe API credentials stored in a local configuration file, including a production site example. This is expected for the integration, but those credentials may grant sensitive account access.
Create `~/.config/frappecli/config.yaml`:
sites:
production:
url: https://erp.company.com
api_key: your_api_key
api_secret: your_api_secretStore the config securely, restrict file permissions, avoid overly broad production keys, and rotate credentials if exposed.
The safety of the installed CLI depends on the external repository or Homebrew tap, which was not reviewed here.
The reviewed skill contains only instructions and points to external Homebrew/GitHub installation sources; the actual CLI code is not included in the provided artifacts.
brew tap pasogott/tap brew install frappecli ... git clone https://github.com/pasogott/frappecli.git cd frappecli && uv sync && uv pip install -e .
Review the upstream repository/tap, prefer pinned versions or trusted releases, and install only from sources you trust.