74
/ 100
8 days ago
npm

arc-1

ARC-1 — MCP Server for SAP ABAP Systems

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 8 credentials: ARC1_AUTHZ_ADMIN_KEY, ARC1_AUTHZ_DEV_KEY, ARC1_AUTHZ_SQL_KEY, ARC1_AUTHZ_VIEWER_KEY, NPL_PASSWORD, SAP_BTP_SERVICE_KEY, SAP_PASSWORD, TEST_SAP_PASSWORD
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configARC1_ALLOWED_ORIGINSOpt-in CORS for browser MCP clients — (comma-separated, exact match). Off by default; native MCP clients don't need it
configARC1_API_KEYS
🔐 secretARC1_AUTHZ_ADMIN_KEY
🔐 secretARC1_AUTHZ_DEV_KEY
configARC1_AUTHZ_MCP_URL
🔐 secretARC1_AUTHZ_SQL_KEY
🔐 secretARC1_AUTHZ_VIEWER_KEY
configARC1_AUTH_RATE_LIMIT
configARC1_HTTP_ADDR
configARC1_LOG_HTTP_DEBUG
configARC1_MAX_CONCURRENT
configARC1_OAUTH_DCR_TTL_SECONDS
configARC1_PLUGINS
configARC1_PORT
configARC1_PUBLIC_URL
configARC1_RATE_LIMIT
configARC1_UI
configARC1_UI_PORT
configBROWSER
configE2E_MCP_URL
configGITHUB_STEP_SUMMARY
configNPL_CLIENT
🔐 secretNPL_PASSWORD
configNPL_URL
configNPL_USER
configPROGRAMFILES
configPROGRAMFILES(X86)
configSAP_ALLOWED_PACKAGES
configSAP_ALLOWED_TRANSPORTS
configSAP_BTP_DESTINATION
configSAP_BTP_PP_DESTINATION
🔐 secretSAP_BTP_SERVICE_KEY
configSAP_BTP_SERVICE_KEY_FILE
configSAP_CLIENT
configSAP_COOKIE_FILE
configSAP_COOKIE_STRING
configSAP_DENY_ACTIONSAction deny list — block specific tool actions with (for example SAPWrite.delete), without exposing low-level operation codes to admins
configSAP_HTTP_ADDR
configSAP_INSECURE
configSAP_LANGUAGE
configSAP_OIDC_CLOCK_TOLERANCE
🔐 secretSAP_PASSWORD
configSAP_PP_STRICT
configSAP_URL
configSAP_USER
configTEST_FILE_PARALLELISM
configTEST_SAP_CLIENT
configTEST_SAP_INSECURE
configTEST_SAP_LANGUAGE
🔐 secretTEST_SAP_PASSWORD
configTEST_SAP_URL
configTEST_SAP_USER
configVCAP_APPLICATION
configVCAP_SERVICES
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/arc-1-7e2uys)](https://m8ven.ai/mcp/arc-1-7e2uys)
commit: fd2bbc3a891eaceabc87667f070e4457115cadf7
code hash: d047b977fae134d797c932b7f878104d0ccbf6d1807895783a1215c5dd77d3b4
verified: 7/1/2026, 9:56:49 AM
view raw JSON →