← 返回 Skills 市场
FIND SAP API
作者
SHENRUIYANG
· GitHub ↗
· v1.0.2
· MIT-0
306
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install sap-bah-openapi-backend-openclaw
功能描述
Reliable SAP Business Accelerator Hub API spec downloader for OpenClaw. Uses SAP_HUB_USERNAME and SAP_HUB_PASSWORD to log in through Playwright Chromium, dow...
安全使用建议
This package appears coherent for its stated purpose, but take these practical precautions before use: (1) Run it in an isolated environment (container or VM) because Playwright will download and run a Chromium binary. (2) Provide SAP credentials only at runtime via environment variables on your machine; do not store them in public registries. (3) Ensure /usr/download is a safe, intended location (or supply an output-dir you control) to avoid overwriting files. (4) Review and run the scripts locally before granting any agent autonomous execution — the scaffolding script generates code that may read .env and make network requests to whatever BASEURL you configure. (5) If you need stronger assurance, request provenance (source repo or maintainer) or run the downloader with test/non-prod credentials first.
功能分析
Type: OpenClaw Skill
Name: sap-bah-openapi-backend-openclaw
Version: 1.0.2
The skill bundle contains high-risk capabilities including automated browser login via Playwright, system-level file writing, and dynamic Python code generation. Specifically, `reliable_sap_hub_download.py` lacks input sanitization for the `--api-id` parameter, which is directly interpolated into an OData URL, potentially allowing for injection attacks against the SAP Hub API. Additionally, `scaffold_backend_from_openapi.py` generates and writes executable Python code to the `src/` directory based on external OpenAPI specifications. While these features align with the stated purpose of downloading and integrating SAP specs, the combination of credential handling, browser automation, and lack of input validation constitutes a significant security risk.
能力评估
Purpose & Capability
Name/description (SAP BAH OpenAPI downloader) matches the code and declared env vars. The two required env vars are exactly the credentials needed to log into hub.sap.com; the code constructs hub.sap.com OData $value endpoints and saves OpenAPI/EDMX artifacts to the declared output directory.
Instruction Scope
SKILL.md and the scripts explicitly describe using Playwright Chromium to authenticate and fetch files, validate payload signatures, and write files to an output dir. The instructions do not ask the agent to read unrelated system files or to exfiltrate secrets to third parties. The scaffold and import scripts operate on local files and the repo structure as expected.
Install Mechanism
There is no automated install spec (instruction-only), but requirements.txt lists playwright and PyYAML. The SKILL.md instructs manual installation of Playwright which will download Chromium binaries (standard Playwright behavior). This is expected for a browser-driven downloader but worth noting because Playwright will fetch browser artifacts from the network.
Credentials
Only SAP_HUB_USERNAME and SAP_HUB_PASSWORD are declared as required env vars and are used by the downloader. Other scripts reference optional environment variables (e.g., BASEURL, generated env prefixes) but those are for downstream scaffolding and not required for the described download operation.
Persistence & Privilege
Skill is not always-included and does not request elevated platform privileges. It writes files to a user-writable output directory (default /usr/download) and uses a temporary Playwright profile under /tmp. No modifications to other skills or global agent configuration are observed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sap-bah-openapi-backend-openclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/sap-bah-openapi-backend-openclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Dropped support and documentation for optional edge-profile authentication; now uses only environment variable credentials.
- Updated skill metadata to clarify supported operating systems and required environment variables.
- Simplified description and authentication instructions for clarity.
- Default browser set to Chromium, with edge-profile options removed from documentation and metadata.
- Improved metadata structure in SKILL.md to reflect updated requirements.
v1.0.1
- Default authentication now uses SAP_HUB_USERNAME and SAP_HUB_PASSWORD with Playwright Chromium.
- New optional authentication mode added: edge-profile, for reusing a logged-in Edge session when explicitly requested.
- Environment and metadata updated to clearly specify required authentication variables and browser/channel defaults.
- Prerequisites and documentation revised for improved clarity and to reflect new authentication behavior.
- Usage instructions updated with explicit guidance for both default and optional authentication modes.
v1.0.0
- Initial release of sap-bah-openapi-backend for OpenClaw.
- Downloads SAP Business Accelerator Hub OpenAPI JSON/YAML and OData EDMX via authenticated session.
- Saves downloaded specs to /usr/download and validates payload signatures.
- Supports batch download, file-list input, and retry logic for reliability.
- Includes tools for importing downloaded specs into APIConnectionToSAP categories.
- Provides example configurations and clear output contracts for error handling.
元数据
常见问题
FIND SAP API 是什么?
Reliable SAP Business Accelerator Hub API spec downloader for OpenClaw. Uses SAP_HUB_USERNAME and SAP_HUB_PASSWORD to log in through Playwright Chromium, dow... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 306 次。
如何安装 FIND SAP API?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sap-bah-openapi-backend-openclaw」即可一键安装,无需额外配置。
FIND SAP API 是免费的吗?
是的,FIND SAP API 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
FIND SAP API 支持哪些平台?
FIND SAP API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin)。
谁开发了 FIND SAP API?
由 SHENRUIYANG(@shenruiyang)开发并维护,当前版本 v1.0.2。
推荐 Skills