Back to skill

Security audit

FIND SAP API

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate SAP API downloader, but it needs review because it also includes under-documented backend code generation and higher-risk credential and filesystem guidance.

Review before installing. Use this only if you intend to run SAP Hub browser login automation, keep SAP credentials in a protected runtime environment, prefer a user-owned output directory instead of /usr/download, and inspect any generated backend code before adding it to a project. Avoid running the scaffolder on untrusted OpenAPI specs without a manual code review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file is not a simple SAP spec downloader/validator; it is a code generator that creates backend modules with callable HTTP tools and FastAPI routes from arbitrary OpenAPI specs. That materially expands the skill from passive artifact retrieval into generation of executable network-capable components, which is dangerous because a downloaded or attacker-supplied spec can be turned into operational API clients inside the project.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This section generates executable Python modules that include authenticated HTTP request logic, environment-based credential use, and FastAPI endpoints exposing generated operations. In the context of a skill advertised only for downloading and validating SAP API specs, this is an unjustified capability expansion that can enable downstream misuse, including turning imported specs into live internal API bridges.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The quickstart tells users to place SAP_HUB_USERNAME and SAP_HUB_PASSWORD directly into shell environment variables without any warning about shell history, process-environment exposure, shared terminals, CI logs, or multi-user systems. In this skill's context, these are real service credentials used to log into SAP Business Accelerator Hub, so normalizing casual plaintext handling increases the chance of credential leakage and downstream unauthorized API access.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The quickstart instructs users to run sudo mkdir and sudo chown against /usr/download without warning that this modifies a privileged system path and changes ownership on a directory under /usr. While not directly exploit code, this can lead to unsafe system configuration, unexpected permission changes, and encourages running setup steps with elevated privileges when a user-writable path would suffice.

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
PyYAML>=6.0
Confidence
96% confidence
Finding
playwright>=1.40.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
PyYAML>=6.0
Confidence
98% confidence
Finding
PyYAML>=6.0

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
PyYAML

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.