Odoo Manager Bm

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about managing Odoo, but it gives an agent broad ability to create, edit, and delete business records without enough documented safeguards.

Install only if you intend to let an agent operate real Odoo data. Use a dedicated least-privilege Odoo account, avoid admin credentials, verify the URL and database before every write or delete, require explicit approval for create/update/delete actions, and reset session context after sensitive work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly promotes create, update, delete, and bulk modification flows against arbitrary Odoo models, including production and multi-instance contexts, but does not document any confirmation step, dry-run mode, environment safeguards, or warnings about live-data impact. In an agent skill, this increases the chance of accidental destructive actions or unintended writes to the wrong database, especially because context can be switched dynamically and persisted across requests.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README describes transmitting credentials, API keys, and business records to remote Odoo instances over XML-RPC, but the user-facing introduction lacks a clear privacy and data-handling warning. Because the skill supports arbitrary model access and dynamic instance switching, users may unknowingly send sensitive data or secrets to third-party, staging, or attacker-controlled endpoints if context is mis-set.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly documents create, update, and delete operations against arbitrary Odoo models, including `unlink`, but does not require confirmation, preview, or guardrails before destructive actions. In a conversational agent context, ambiguous prompts, prompt injection, or user error could trigger irreversible modifications to production business data across dynamically switchable instances and databases.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal