Back to skill

Security audit

Frappecli

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Frappe/ERPNext CLI helper; it can change or export business data, but those powers match its stated purpose.

Install only if you trust the external frappecli package and intend to let an agent operate on your Frappe/ERPNext site. Use least-privilege API keys, protect the config file, start with staging when possible, and manually confirm production deletes, updates, uploads, exports, and RPC calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to activate on many general Frappe/ERPNext questions, including high-impact administrative tasks involving documents, files, reports, and RPC methods. In an agent setting, over-broad routing can cause this skill to be invoked for sensitive requests and expose powerful operational capabilities without sufficient narrowing or intent checks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation exposes a destructive delete command with no warning, confirmation requirement, or indication that deletion may be irreversible on a production ERP system. In this context, an agent or user following the examples could delete business records from a live Frappe site without appreciating the risk.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill documents file upload and download operations, including private-file paths, without warning about handling sensitive business data, access controls, or safe output locations. In a Frappe/ERPNext environment, these actions can move confidential invoices, logos, or other documents to unintended destinations or expose private files through careless use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.