Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FIND SAP API

v1.0.2

Reliable SAP Business Accelerator Hub API spec downloader for OpenClaw. Uses SAP_HUB_USERNAME and SAP_HUB_PASSWORD to log in through Playwright Chromium, dow...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shenruiyang/sap-bah-openapi-backend-openclaw.

Install the skill "FIND SAP API" (shenruiyang/sap-bah-openapi-backend-openclaw) from ClawHub.
Skill page: https://clawhub.ai/shenruiyang/sap-bah-openapi-backend-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SAP_HUB_USERNAME, SAP_HUB_PASSWORD
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sap-bah-openapi-backend-openclaw

ClawHub CLI

npx clawhub@latest install sap-bah-openapi-backend-openclaw

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description (SAP BAH OpenAPI downloader) matches the code and declared env vars. The two required env vars are exactly the credentials needed to log into hub.sap.com; the code constructs hub.sap.com OData $value endpoints and saves OpenAPI/EDMX artifacts to the declared output directory.
Instruction Scope
SKILL.md and the scripts explicitly describe using Playwright Chromium to authenticate and fetch files, validate payload signatures, and write files to an output dir. The instructions do not ask the agent to read unrelated system files or to exfiltrate secrets to third parties. The scaffold and import scripts operate on local files and the repo structure as expected.
Install Mechanism
There is no automated install spec (instruction-only), but requirements.txt lists playwright and PyYAML. The SKILL.md instructs manual installation of Playwright which will download Chromium binaries (standard Playwright behavior). This is expected for a browser-driven downloader but worth noting because Playwright will fetch browser artifacts from the network.
Credentials
Only SAP_HUB_USERNAME and SAP_HUB_PASSWORD are declared as required env vars and are used by the downloader. Other scripts reference optional environment variables (e.g., BASEURL, generated env prefixes) but those are for downstream scaffolding and not required for the described download operation.
Persistence & Privilege
Skill is not always-included and does not request elevated platform privileges. It writes files to a user-writable output directory (default /usr/download) and uses a temporary Playwright profile under /tmp. No modifications to other skills or global agent configuration are observed.
Assessment
This package appears coherent for its stated purpose, but take these practical precautions before use:

  1. Run it in an isolated environment (container or VM) because Playwright will download and run a Chromium binary.
  2. Provide SAP credentials only at runtime via environment variables on your machine; do not store them in public registries.
  3. Ensure /usr/download is a safe, intended location (or supply an output-dir you control) to avoid overwriting files.
  4. Review and run the scripts locally before granting any agent autonomous execution: the scaffolding script generates code that may read .env and make network requests to whatever BASEURL you configure.
  5. If you need stronger assurance, request provenance (source repo or maintainer) or run the downloader with test/non-prod credentials first.

Runtime requirements

OS: Linux · macOS
Env: SAP_HUB_USERNAME, SAP_HUB_PASSWORD
latest: vk971w60yga5g9q6hbe2z6g8y2h82xfgx
Downloads: 299
Stars: 0
Versions: 3
Updated 14h ago
Version: v1.0.2
License: MIT-0

SAP BAH OpenAPI Backend (OpenClaw Upload Package)

Purpose

Use this skill to reliably download SAP API specification files from hub.sap.com.

Authentication:

  • SAP_HUB_USERNAME
  • SAP_HUB_PASSWORD

Downloaded files are written to:

  • /usr/download/<API_ID>_openapi.json
  • /usr/download/<API_ID>_openapi.yaml
  • /usr/download/<API_ID>_odata.edmx

Prerequisites

  1. Chromium available through Playwright.
  2. Python 3.10+.
  3. Python Playwright installed:

python3 -m pip install playwright
python3 -m playwright install chromium

  4. Writable output directory /usr/download.

If needed:

sudo mkdir -p /usr/download
# Use the caller's primary group; a "staff" group does not exist on every Linux system.
sudo chown "$USER":"$(id -gn)" /usr/download

  5. Maintain login credentials via environment variables:

export SAP_HUB_USERNAME='your_user'
export SAP_HUB_PASSWORD='your_password'

Security note:

  • Do not upload real credentials to ClawHub.
  • Maintain credentials only in the runtime environment.

How to start

Run from repository root:

python3 Skills/sap-bah-openapi-backend-openclaw-upload-1.0.0/scripts/reliable_sap_hub_download.py \
  --api-id WAREHOUSEORDER_0001

How to use

1) Download one or more API IDs

python3 Skills/sap-bah-openapi-backend-openclaw-upload-1.0.0/scripts/reliable_sap_hub_download.py \
  --api-id WAREHOUSEORDER_0001 \
  --api-id API_APAR_SEPA_MANDATE_SRV

2) Download from file list

python3 Skills/sap-bah-openapi-backend-openclaw-upload-1.0.0/scripts/reliable_sap_hub_download.py \
  --api-id-file /path/to/api_ids.txt

api_ids.txt example:

WAREHOUSEORDER_0001
API_APAR_SEPA_MANDATE_SRV
sap-s4-CE_EBPPPAYMENTREQUEST_0001-v1

3) Useful runtime options

python3 Skills/sap-bah-openapi-backend-openclaw-upload-1.0.0/scripts/reliable_sap_hub_download.py \
  --api-id WAREHOUSEORDER_0001 \
  --retries 4 \
  --timeout-seconds 90 \
  --json-report /usr/download/sap_download_report.json

4) Import downloaded files into project category

python3 Skills/sap-bah-openapi-backend-openclaw-upload-1.0.0/scripts/import_sap_hub_spec.py \
  --category AccountsReceivable \
  --pattern CONTRACTACCOUNT_0001 \
  --mode copy

Reliability behavior

The downloader script automatically:

  1. In default env mode, starts with a clean temporary browser profile.
  2. Uses Playwright Chromium.
  3. Logs in using SAP_HUB_USERNAME and SAP_HUB_PASSWORD.
  4. Downloads JSON/YAML/EDMX through Hub authenticated $value endpoints.
  5. Retries transient failures.
  6. Rejects OAuth/login HTML payloads.
  7. Verifies expected OpenAPI/EDMX signatures before writing files.
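
Steps 6 and 7 above, sketched as an added example; this is not the skill's own code, which this page does not show. The marker checks, reason strings, sample payloads and the names validate_spec and save_if_valid are assumptions about what "rejects login HTML" and "verifies signatures before writing" can look like in practice.

```python
import json
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Top-level "openapi:" / "swagger:" key of a YAML spec (assumed signature).
YAML_VERSION_KEY = re.compile(rb"^(openapi|swagger)\s*:\s*\S", re.MULTILINE)
# Constructed samples: a login page and a minimal EDMX document.
SAMPLE_LOGIN = b"<!DOCTYPE html><html><body><form action='/login'></form></body></html>"
SAMPLE_EDMX = b'<edmx:Edmx Version="4.0" xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx"/>'


def validate_spec(payload: bytes, kind: str) -> tuple[bool, str]:
    """Return (ok, reason) for kind in {"json", "yaml", "edmx"}."""
    head = payload[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    # A login redirect can arrive as an HTML page with a success status.
    if head.startswith((b"<!doctype html", b"<html")):
        return False, "html-login-page"
    if kind == "json":
        try:
            doc = json.loads(payload)
        except ValueError:
            return False, "not-json"
        ok = isinstance(doc, dict) and ("openapi" in doc or "swagger" in doc)
    elif kind == "yaml":
        ok = YAML_VERSION_KEY.search(payload) is not None
    elif kind == "edmx":
        # Refuse DTDs so entity-expansion tricks never reach the XML parser.
        if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
            return False, "dtd-not-allowed"
        try:
            root = ET.fromstring(payload)
        except ET.ParseError:
            return False, "not-xml"
        ok = root.tag == "Edmx" or root.tag.endswith("}Edmx")
    else:
        return False, "unknown-kind"
    return ok, ("ok" if ok else "signature-mismatch")


def save_if_valid(payload: bytes, kind: str, dest: str) -> str:
    """Write dest atomically only after validation; return the reason."""
    ok, reason = validate_spec(payload, kind)
    if ok:
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        os.replace(tmp, dest)  # no partial file is ever visible at dest
    return reason
```

Validating before the rename means a rejected response never replaces a previously downloaded good file at the destination path.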

Output contract

  • Exit code 0: all requested files downloaded and validated.
  • Exit code 2: partial/complete failures (see JSON report/stdout report).

Included files

  • scripts/reliable_sap_hub_download.py
  • scripts/import_sap_hub_spec.py
  • scripts/scaffold_backend_from_openapi.py
  • references/quickstart.md
