SAP Integration Suite

Security checks across malware telemetry and agentic risk

Overview

This SAP skill appears purpose-built rather than deceptive, but it gives broad SAP read and execution power without enough built-in limits or cautions.

Install only if you are prepared to control it like a privileged SAP automation tool. Use a dedicated least-privilege account, prefer read-only roles, restrict allowed RFC/BAPI functions and tables, avoid production use until reviewed, and treat exported JSON/Excel output as sensitive business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
This script is explicitly designed to execute arbitrary RFC-enabled SAP function modules, including write-capable or administrative functions, with no allowlist, confirmation guardrails, or role-based restrictions in the tool itself. In an agent/skill context, that makes the capability unusually dangerous because a prompt, operator mistake, or downstream automation can trigger sensitive data access or destructive state changes in an SAP system.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description is scoped to essentially any SAP-related work, including data extraction, RFC/BAPI calls, API integration, code generation, table analysis, workflow automation, and migration tasks. Such a broad trigger can cause the skill to activate in many contexts involving sensitive enterprise systems and data, increasing the chance of overbroad invocation, unintended data access guidance, or use of powerful scripts like generic extractors and RFC callers without sufficient task-level constraints.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide includes an enhancement usage tracking example that logs user IDs, document identifiers, program names, and timestamps, but provides no privacy, retention, minimization, or access-control guidance. In a reference skill, this can normalize collection of potentially sensitive operational and personal data without warning, increasing risk of privacy violations, overcollection, and misuse of audit data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The external integration example transmits document_data to another system via a custom function without any warning about data classification, user notice, consent/authorization, or secure transport expectations. In this context, the omission is risky because readers may replicate the pattern and send sensitive business data externally without validating necessity, contractual controls, or privacy/security safeguards.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide shows a direct connection example using the highly privileged SYSTEM account and an inline password placeholder without any warning that this account should not be used by applications. Even though the values are illustrative, documentation like this normalizes insecure operational practices and can lead users to deploy integrations with overprivileged credentials, increasing blast radius if the application or secrets are compromised.

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation includes an administrative command to reclaim version space without explaining operational impact, prerequisites, or when it is appropriate to run. In a reference guide, such commands can be copied into production troubleshooting workflows and may cause disruption or unintended side effects if executed by inexperienced users.

Missing User Warnings

Medium
Confidence: 93%
Finding
The user-management example creates an account with a static password and grants schema access/roles without any discussion of password handling, privilege minimization, or account scoping. This is risky because readers may replicate the pattern directly, resulting in weak credential hygiene and broader-than-necessary access for technical users.

Missing User Warnings

Medium
Confidence: 95%
Finding
The tool exposes arbitrary remote SAP RFC execution as a generic feature but provides no warning, friction, or safety checks around potentially destructive operations. In a skill setting, this increases the chance that an agent or user invokes sensitive functions such as user, finance, transport, or system-management operations without understanding the consequences.

VirusTotal

65/65 vendors flagged this skill as clean.
