Frappe MCP
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches ERPNext automation, but its bulk and generic workflows can change, delete, export, or run custom operations across arbitrary ERP records.
Only install this if you trust the publisher and can connect it to a tightly scoped ERPNext MCP account. Consider disabling the bulk_operation and generic_task definitions unless you need them, and require explicit human confirmation plus previews/backups before any update, delete, export, payment, submit, cancel, or custom-method action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad request could alter, delete, or export large sets of ERPNext business records.
The bulk workflow accepts arbitrary DocTypes and can update, delete, import, or export records. It declares some guardrails, but the artifact does not show a DocType allowlist or enforceable approval/recovery flow.
"description": "Handle bulk operations - bulk create, update, delete, import/export for any DocType" ... "tool": "bulk_delete_documents" ... "tool": "export_documents"
Require explicit per-run confirmation, dry-run previews, enforced backups for destructive actions, DocType/action allowlists, and least-privilege ERPNext permissions.
The agent could perform broad ERPNext actions that go beyond the safer predefined workflows if a user request is ambiguous or misinterpreted.
The generic workflow is an escape-hatch style controller for many actions, including delete, submit, cancel, and user-specified custom document methods.
"dynamically discovers and executes appropriate tools based on user intent" ... "action": ["create", "read", "update", "delete", "list", "search", "submit", "cancel", "custom"] ... "tool": "run_doc_method"
Disable or restrict the generic workflow unless needed; require explicit approval for submit/cancel/delete/custom actions and limit allowed DocTypes and methods.
If connected with a powerful ERPNext account, the skill may create or modify financial records within that account's authority.
The skill can create financial payment entries through the configured ERPNext MCP tools. No credential theft or hardcoded secrets are shown, but the connected account's permissions are important.
"description": "Process payment against a sales invoice or sales order" ... "tool": "create_document" ... "doctype": "Payment Entry"
Use a dedicated least-privilege ERPNext user, restrict financial permissions where possible, and require human review before payment, invoice, submit, cancel, or delete actions.
Users have less external context for verifying who maintains the workflow definitions.
The artifact provides limited provenance information. This is not malicious by itself, but it matters because the workflows can affect important ERP data.
Source: unknown; Homepage: none
Verify the publisher and review the JSON definitions before enabling the skill in a production ERPNext environment.
