Linkedin Odoo
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: linkedin-odoo Version: 1.0.0 The skill is designed to automate the retrieval of LinkedIn profile URLs for Odoo contacts using DuckDuckGo search and updating the Odoo database via XML-RPC. The Python script `scripts/update_linkedin.py` uses standard libraries, follows the logic described in `SKILL.md`, and handles Odoo credentials through environment variables without any evidence of data exfiltration, malicious execution, or hidden prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The script acts with the permissions of the supplied Odoo account and can modify contact records.
The skill requires delegated Odoo account credentials. This is expected for updating Odoo records, but those credentials may carry broader CRM permissions than this single-field update needs.
The skill uses Odoo credentials via environment variables... `ODOO_PASSWORD` or `ODOO_API_KEY`
Use a least-privileged Odoo API key or user account limited to the needed contact read/write access, and ensure the required environment variables are clearly configured.
An incorrect search result or unintended contact ID could replace an existing LinkedIn URL in Odoo.
The script intentionally continues and writes a new value even if the contact already has a LinkedIn URL. This is aligned with an updater tool, but it can overwrite existing CRM data without a separate confirmation step.
if partner.get('x_linkedin_url'):
print(f"Partner already has a LinkedIn URL: {partner['x_linkedin_url']}")
# Allow overwrite? Let's just update it anyway or skip? We'll proceed.
...
'res.partner', 'write',
[[partner_id], {'x_linkedin_url': linkedin_url}]Verify the contact ID and found URL before running, and consider changing the workflow to skip or ask for confirmation when x_linkedin_url is already populated.
Contact identity details may be shared with DuckDuckGo as part of the search query.
The workflow sends a contact's name and company to DuckDuckGo to perform the search. This is disclosed and necessary for the skill's function, but it is still an external data flow.
The script will fetch the contact's name and company, run a web search for their LinkedIn profile (`site:linkedin.com/in <Name> <Company>`)... The script uses the `html.duckduckgo.com` search
Use the skill only for contacts where external web searching is acceptable under your privacy or customer-data policies.