SAP Integration Suite
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
Review before use: this skill can use SAP credentials to read tables and call arbitrary SAP functions, but the artifacts do not clearly limit or require approval for those actions.
Only connect this skill to non-production or tightly scoped SAP accounts unless you have reviewed and restricted it. Add allowlists for tables and RFC/BAPI functions, require explicit approval for mutating actions and large exports, store credentials securely, and verify dependencies/provenance before running the scripts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If connected with a real SAP account, the agent could invoke read or write RFC/BAPI functions in the SAP system, depending on that account's permissions.
Detail: The script accepts an arbitrary RFC function name and parameters and calls it directly over an authenticated SAP connection; no allowlist or confirmation control is shown.
Evidence: "SAP RFC Function Caller - Execute any RFC-enabled function module ... result = self.conn.call(function_name, **parameters)"
Recommendation: Use an allowlist of approved functions, require explicit user approval for any mutating RFC/BAPI, test in non-production first, and log every call with parameters and result status.

Finding 2
Impact: A broad SAP credential could expose customer, financial, employee, or operational records to local exports.
Detail: The extractor is designed to read any SAP table, with all fields if none are specified, and can export the results. The artifact does not bound tables, fields, row limits beyond a default, or data sensitivity.
Evidence: "Extract data from any SAP table using RFC_READ_TABLE ... fields: List of fields to extract (None = all fields) ... 'QUERY_TABLE': table_name"
Recommendation: Restrict table and field access, require approval for large or sensitive exports, mask regulated data where possible, and use least-privilege read-only SAP roles.

Finding 3
Impact: Using a privileged SAP user would give the agent the same broad access, including potentially sensitive reads or business-data mutations.
Detail: The script requires SAP account credentials from a local JSON config and then performs operations with that account's privileges, while the registry metadata does not declare a credential or config contract.
Evidence: "required_params = ['ashost', 'sysnr', 'client', 'user', 'passwd'] ... self.conn = pyrfc.Connection(**connection_params)"
Recommendation: Do not use personal or administrator SAP accounts. Provide a scoped service account, store secrets in a secure secret manager rather than plaintext config files, and document the required permissions.

Finding 4
Impact: Users may need to install SAP/Python dependencies themselves and should verify exactly what code and packages will run.
Detail: The package includes runnable SAP integration code but provides limited provenance and no dependency/install contract. This does not prove malicious behavior, but it makes safe setup harder to verify.
Evidence: "Source: unknown; Homepage: none ... Install specifications: No install spec — this is an instruction-only skill ... Code file presence: 2 code file(s)"
Recommendation: Provide a clear source repository, dependency list or lockfile, and installation instructions; users should review dependencies before executing the scripts.

Finding 5
Impact: A user may connect production or privileged SAP credentials believing the skill has built-in guardrails that are not evident in the artifacts.
Detail: The documentation claims safeguards are enforced, but the included scripts expose generic SAP function and table access and do not show enforcement of minimal authorization, encryption, or audit logging.
Evidence: "Security best practices enforced: - Minimal authorization principle - Encrypted data transmission - Audit trail logging - No hardcoded credentials"
Recommendation: Replace broad safety claims with precise requirements and implemented controls, or add code-level enforcement for authorization scope, secure transport, and audit logging.
