Odoo Reporting

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-only Odoo reporting tool that handles sensitive financial data locally and through the user’s configured Odoo instance.

Install only with a dedicated read-only Odoo user or API key, avoid admin credentials, keep the .env file private, use HTTPS without --insecure, and treat generated reports as sensitive local files that may need cleanup or access controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill documentation indicates access to environment variables, local file read/write, and network connectivity, yet the finding says no permissions are declared. That mismatch is security-relevant because it can cause the host or reviewers to underestimate the skill's ability to read secrets from .env, contact remote Odoo endpoints, and persist sensitive business data locally.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 87% confidence
Finding: The stated purpose is a read-oriented Odoo reporting skill, but the documented behavior expands into raw RPC execution, AI-driven querying, anomaly detection, forecasting, and standards-based reporting. This broader functionality increases attack surface and can let users or upstream prompts invoke unexpected operations against sensitive ERP data, especially via generic RPC pathways that are harder to constrain safely.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The `rpc-call` command exposes raw arbitrary model/method execution against Odoo, which materially exceeds the skill's stated reporting/query scope. In an agent setting, this can enable unauthorized state-changing operations, data exfiltration, or invocation of dangerous methods if a prompt or upstream component can influence the command and payload.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The ask() method forwards recent accounting moves and cash-balance data to an AI component for natural-language processing without any visible consent, minimization, or assurance that the AI runs locally. In a finance/Odoo skill, this context can contain sensitive business and customer financial data, so sending it to an external or less-trusted AI layer creates a real confidentiality and compliance risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The anomaly-report function sends posted accounting move data to the AI layer, including transaction names, partners, totals, dates, and references, with no visible disclosure or trust-boundary enforcement in this file. Because this skill is specifically designed to process Odoo financial records, the transmitted data is likely sensitive and could expose invoices, counterparties, and business activity if the AI backend is external or improperly governed.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code writes generated financial statement PDFs to a predictable local path on disk without any visible consent, retention control, or access restriction in this file. Because these reports contain sensitive financial data, silent persistence increases the risk of unintended disclosure to other users, processes, backups, or later support/debug access on the host.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The balance-sheet path is also written to a predictable disk location without disclosure or safeguards, and balance sheets are especially sensitive because they expose assets, liabilities, and equity. In an agent skill context that handles Odoo accounting data, this creates a realistic confidentiality risk if the runtime environment is shared, logged, backed up, or later inspected.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This code generates WhatsApp card images and a PDF containing sensitive financial information such as liquidity, burn rate, and working capital, but it does not enforce any disclosure, consent, classification, or output-handling safeguards before writing those artifacts. In an autonomous CFO/Odoo context, these files may persist on disk, be shared onward, or be exposed through logs, caches, or downstream integrations, increasing the risk of confidential business data leakage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal