Is chanfouricc/sap-fico-consultant safe?

https://github.com/openclaw/skills/tree/main/skills/chanfouricc/sap-fico-consultant

98
SAFE

This skill is a benign, well-structured SAP FI/CO consulting knowledge base consisting entirely of static reference data (transaction codes, SAP tables, error codes) and a domain-specific system prompt. It contains no executable code and no data exfiltration mechanisms, showed no suspicious clone behavior, and all canary files remained intact. The only notable elements are a standard persona override and an unrelated lock file artifact.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO Standard persona override in system prompt -5

system_prompt.md instructs the LLM to adopt the role of a 'Senior SAP FICO Consultant' with 15+ years of experience and enforces a mandatory 8-section response format. This is standard and expected behavior for a domain-specific consulting skill. The persona is narrowly scoped to SAP FI/CO topics with explicit guardrails.

INFO Lock file references unrelated skill -5

.clawhub/lock.json contains a reference to the 'academic-research-hub' skill, which is unrelated to this SAP FICO skill. This appears to be an artifact of the ClawHub installation system rather than something the skill author intended. No security impact.

INFO Model routing instruction in skill.json 0

skill.json sets model_override to 'deepseek-chat' with fallback to 'deepseek-coder' for ABAP code detection. This is a configuration directive for the OpenClaw platform, not a prompt injection. It routes queries to appropriate models based on content type.