SAP FICO Senior Consultant

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-and-reference SAP FICO consulting skill with disclosed auto-activation and no evidence of hidden code execution, credential access, persistence, or data exfiltration.

Install this if you want an SAP FICO-focused assistant and are comfortable with broad SAP keyword auto-activation and French SAP terminology. Treat the consultant profile as an AI role, and verify production SAP configuration, migration, OSS note, or accounting-impact advice with official SAP documentation and authorized SAP staff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (95% confidence)
Finding
The auto-trigger uses a very broad keyword list including common SAP terms such as 'SAP', 'S/4HANA', table names, and transaction codes, so the skill may activate in contexts where the user did not request SAP FICO assistance. In a multi-skill agent, this can cause misrouting, prompt overshadowing, or inappropriate domain framing of user requests, reducing reliability and potentially exposing users to incorrect or irrelevant guidance.

Natural-Language Policy Violations

Medium (88% confidence)
Finding
Mandating French technical SAP terminology without user choice can override user preferences and reduce usability or comprehension for non-French-speaking users. This is primarily a safety/quality issue rather than a direct security flaw, but in operational settings it can lead to misunderstandings in configuration or troubleshooting advice.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
Requiring responses in French regardless of user preference reinforces a rigid behavior that may prevent the agent from adapting to the user's language needs. In a technical support context, this can increase the chance of user misunderstanding and misapplication of SAP configuration steps.

VirusTotal

66/66 vendors flagged this skill as clean.
