Odoo Reporting
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: odoo-openclaw-skill
Version: 2.0.5
The OpenClaw Odoo skill is classified as benign. It explicitly enforces read-only access to the Odoo ERP system through robust client-side method blocking in `src/connectors/odoo_client.py`, preventing any `create`, `write`, or `unlink` operations. All generated reports (PDFs, Excel, WhatsApp cards) are stored locally within the skill's `output/` directory, with no evidence of data exfiltration to unauthorized external endpoints. Network access is confined to the configured Odoo instance and a benign version check. Instructions in `SKILL.md` and `README.md` consistently promote safe agent behavior, emphasizing user confirmation and adherence to read-only policies. The use of `OpenClawIntelligence` for AI analysis is explicitly stated to be routed through the 'OpenClaw native local agent runtime', mitigating concerns about data leakage to third-party AI services.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the skill can only run after explicit manual invocation, while the registry allows normal model invocation based on the skill description.
The runtime metadata contradicts the skill's stated safety policy. Because the skill handles sensitive Odoo financial data, a false invocation-boundary claim could cause users to overtrust when and how the agent may use it.
metadata: "disable-model-invocation: false"; SKILL.md: "Model invocation is DISABLED ... it must be explicitly invoked by the user."
Either set the actual policy to disable model invocation or update the documentation to accurately describe when the agent may invoke the skill.
Installing users may not realize the skill needs credentials that can read sensitive company accounting, customer, order, and payment data.
The skill requires a sensitive Odoo password/API key, but the registry contract does not declare any credential or environment-variable requirement. This under-declares account access to a financial ERP system.
metadata: "Required env vars: none ... Primary credential: none"; SKILL.md: "ODOO_PASSWORD | Odoo password or API key | Yes"
Declare the Odoo credential requirements in metadata, use a dedicated read-only Odoo user/API key, and limit that account to the needed companies and models.
If AI features are enabled, invoice/payment references, partner data, amounts, and cash balances could be included in prompts or context handled by code that is not included for review.
The AI query path passes Odoo financial records and account balances into an AI component. The referenced `src.logic.openclaw_intelligence` implementation is not present in the manifest, so the actual agent boundary, retention, and routing behavior cannot be verified from the supplied artifacts.
context = {"recent_moves": self.client.search_read('account.move', ... limit=20), "cash_flow": self.client.search_read('account.account', ...)}; return self.ai.natural_language_query(query, context)
Include the missing AI helper for review, document whether data remains local and whether it is retained, and make AI analysis explicitly opt-in for sensitive financial records.
Running setup will execute a shell script and install packages into a virtual environment, and it may test the Odoo connection if a .env file already exists.
The formal install metadata says there is no install spec, but the skill documentation instructs users to run a local shell installer that downloads Python packages. This is expected for the tool, but it is under-declared in the install contract.
install spec: "No install spec"; SKILL.md: "./install.sh"; install.sh: "./venv/bin/pip install -r requirements.txt"
Review the install script before running it, prefer a locked dependency file for production, and align the registry install metadata with the documented setup.
The skill can read a wide range of Odoo business data available to the configured account, even if it is designed not to modify it.
The Odoo client exposes broad read operations across ERP models but includes explicit client-level blocks for common mutating methods. The behavior is therefore aligned with the skill's purpose, but it is still worth noting because the read scope is broad.
SAFE_METHODS = {"search", "search_read", "read", ...}; BLOCKED_METHODS = {"create", "write", "unlink", ...}; raise PermissionError("Blocked mutating method")
Use least-privilege Odoo permissions and verify the configured account only has the read access needed for the reports you intend to generate.
