High-risk tools in MCP SAP GUI Server
28 of the 57 tools in MCP SAP GUI Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
sap_execute_transactionExecutesap_execute_transaction
-
sap_click_tree_linkExecuteClick a hyperlink in a tree node item.
-
sap_collapse_tree_nodeExecuteCollapse a folder node in a tree control
-
sap_connectExecutesap_connect
-
sap_connect_existingExecuteConnect to an already open SAP session. Use this when SAP is already logged in.
-
sap_disconnectExecuteDisconnect from the current SAP session and release the binding.
-
sap_double_click_cellExecuteDouble-click a cell in a table/grid (often opens details or drills down).
-
sap_double_click_tree_itemExecuteDouble-click a specific item (column cell) in a tree node row.
-
sap_double_click_tree_nodeExecuteDouble-click a node in a tree control (often opens details or drills down).
-
sap_expand_tree_nodeExecuteExpand a folder node in a tree control to reveal its children.
-
sap_handle_popupExecutesap_handle_popup
-
sap_press_alv_toolbar_buttonExecutePress a toolbar button on an ALV grid (e.g., sort, filter, export).
-
sap_press_buttonExecutePress a button on the current SAP screen.
-
sap_press_column_headerExecuteClick a column header in an ALV grid (triggers sort). Does NOT work on GuiTableControl.
-
sap_scroll_table_controlExecuteScroll a GuiTableControl to a specific row position.
-
sap_select_all_rowsExecuteSelect all rows in an ALV grid. Does NOT work on GuiTableControl.
-
sap_select_alv_context_menu_itemExecutesap_select_alv_context_menu_item
-
sap_select_checkboxExecuteSelect or deselect a checkbox on the current SAP screen.
-
sap_select_combobox_entryExecuteSelect an entry in a combobox/dropdown by its key or display value text.
-
sap_select_menuExecuteSelect a menu item from the menu bar or a submenu.
-
sap_select_multiple_rowsExecuteSelect multiple rows at once in an ALV grid or table control.
-
sap_select_radio_buttonExecuteSelect a radio button on the current SAP screen.
-
sap_select_tabExecuteSelect a tab in a tab strip control.
-
sap_select_table_rowExecuteSelect a row in a table/grid.
-
sap_select_tree_nodeExecuteSelect a node in a tree control.
-
sap_send_keyExecuteSend a keyboard key.
-
sap_set_current_cellExecuteSet the current (focused) cell in an ALV grid or table control.
-
sap_set_focusExecuteSet focus to any screen element by its ID.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.