FIND SAP API
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its SAP API downloader purpose, but it needs review because helper scripts can use arbitrary environment variables as login credentials and write or generate files without tight path/input containment.
Install only if you are comfortable providing SAP Hub credentials in the runtime environment. Run the commands yourself, avoid pointing credential options at non-SAP secrets, use trusted API ID lists and OpenAPI specs, and review generated or imported file paths before allowing writes to your project.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or prompt uses these options incorrectly, a non-SAP secret from the local environment could be entered into the SAP login page.
The stated credential contract is SAP_HUB_USERNAME and SAP_HUB_PASSWORD, but the script can read any environment variable names supplied on the command line and use those values for browser login.
ap.add_argument("--username-env", default="SAP_HUB_USERNAME")
ap.add_argument("--password-env", default="SAP_HUB_PASSWORD")
...
os.environ.get(username_env, "").strip(),
os.environ.get(password_env, "").strip()

Restrict credential reads to the documented SAP_HUB_USERNAME and SAP_HUB_PASSWORD variables, or require explicit user approval and an allowlist before reading alternative environment variables.
A malformed API ID could cause writes outside the intended download folder if it produces a valid response, creating or overwriting files in unexpected locations.
The output filename is built directly from the user-provided API ID. The visible code does not sanitize path separators or resolve and verify that the final path stays under the requested output directory.
out_file = out_dir / f"{api_id}_{suffix}"
...
out_file.write_text(body, encoding="utf-8")

Validate API IDs against a safe character pattern, sanitize filenames, and resolve the final path to ensure it remains inside the output directory before writing.
A bad or manipulated category value could place imported files outside the intended project category tree.
The category name is used directly as a path below APIConnectionToSAP. The code does not reject '../' or absolute-path style input before creating directories and copying or moving files.
parser.add_argument("--category", required=True, help="Category folder name under APIConnectionToSAP...")
...
category_dir = api_root / category
connection_dir.mkdir(parents=True, exist_ok=True)

Normalize and validate category names, reject path traversal components, and verify the resolved target directory is inside APIConnectionToSAP.
If scaffolding is run on an untrusted OpenAPI file and the generated module is later imported or executed, injected code could run in the user's project.
OpenAPI summary/description text is inserted directly into generated Python docstrings. A malicious or untrusted spec could include characters that break out of the docstring and alter generated code.
summary = str(op_obj.get("summary") or op_obj.get("description") or f"{method.upper()} {path}")
...
f''' """{op.summary}"""\n'''

Escape or safely serialize all spec-derived strings in generated Python, and advise users to review generated code before running or importing it.
Future dependency versions could behave differently from the reviewed version.
The package uses minimum-version dependency ranges rather than pinned versions or a lockfile. This is common for instruction-based Python skills, but it leaves installed versions dependent on the current package index state.
playwright>=1.40.0
PyYAML>=6.0
Prefer pinned versions or a lockfile for reproducible installs, especially because the skill handles credentials and browser automation.
