High-risk tools in Claude For Abap
10 of the 45 tools in Claude For Abap are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
adt_pretty_printExecuteRun the ABAP pretty printer on supplied source code (stateless — no object lookup, no lock).
-
adt_run_atcExecuteRun ABAP Test Cockpit (ATC) on one or more objects. ATC endpoint shape varies across NetWeaver releases.
-
adt_run_atc_packageExecuteRun ABAP Test Cockpit (ATC) over an ENTIRE package via the full ADT worklist flow (create worklist → run → fetch results). Returns parsed findings (check, message, priority, loc...
-
adt_run_atc_transportExecuteRun ABAP Test Cockpit (ATC) over every object in a transport request via the full ADT worklist flow. Resolves the transport
-
adt_run_unit_testsExecuteRun ABAP Unit tests for one or more objects (typically test container classes).
-
adt_release_transportExecuteRelease a transport request. Subject to read-only mode.
-
adt_requestExecuteGeneric ADT REST call — escape hatch for endpoints not covered by a high-level tool. Handles Basic auth, sap-client, cookies, CSRF token automatically. Path is confined to the /...
-
adt_syntax_checkExecuteRun an ADT syntax check on an object. Returns the raw <chkrun:reports> XML. Includes only compile in the context of a main program: for type=include, pass
-
adt_activateExecuteActivate one or more ABAP objects. In multi-developer scenarios where the object
-
adt_schedule_jobExecuteSchedule an ABAP background job (SM36 analog) that runs a report with a variant. WRITE operation — subject to read-only mode. EXPERIMENTAL: no standardized ADT job-scheduling AP...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.