Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Odoo Assistant Store Manager

v1.0.1

Odoo ERP via XML-RPC — sales, web orders, stock, products (CLI). Optional Discuss listener.

by Juan de la cruz Garrido Rodríguez (@crbwi)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and environment variables in skill.json / README match the stated purpose (Odoo XML-RPC operations). However, the registry metadata provided to you earlier claims no required env vars, and the SKILL.md calls this 'instruction-only' despite two substantial Python modules being included; those mismatches are incoherent and should be fixed in the registry before publishing.
Instruction Scope
SKILL.md instructs the agent to run local scripts and only run the optional listener on explicit request, which is appropriate. The listener (src/odoo_listener.py) fetches arbitrary URLs (requests / urllib) and scrapes HTML, and it constructs and runs odoo_manager commands based on Discuss messages. This enables server-side fetching of attacker-controlled URLs (SSRF / internal-network probing) and causes the runtime to execute manager commands derived from external input. While subprocess is invoked without a shell (reducing classic shell-injection), arguments from untrusted messages can still trigger operations (e.g., downloading images, contacting arbitrary endpoints or performing updates).
Install Mechanism
No install spec is provided (lowest install risk). requirements.txt contains only 'requests', which is consistent with the listener. There is no external archive download or unknown install host.
Credentials
The required environment variables in skill.json (ODOO_URL, ODOO_DB, ODOO_USER, ODOO_PASSWORD) are appropriate and expected for an Odoo integration. The inconsistency is that the registry metadata shown to you earlier listed 'Required env vars: none' — that mismatch is a red flag for publishing/metadata hygiene and could lead to accidental deployment without needed secrets or with defaults. Optional vars (BOT partner id, category IDs) are reasonable.
Persistence & Privilege
The skill does not request 'always: true' and will not be force-included. The only higher-privilege behavior is the optional long-running listener, which the SKILL.md and README explicitly mark as 'privileged' and say to run only if requested. Because the listener polls Odoo and can run manager commands autonomously when enabled, it increases the blast radius if activated, so it should be started only with deliberate user consent and in controlled environments.
What to consider before installing
This skill appears to implement an Odoo CLI and an optional Discuss listener; it is functionally coherent, but exercise caution before enabling the listener. Before installing or running:

1) Fix the metadata mismatch — ensure the registry lists the required env vars (ODOO_URL/DB/USER/PASSWORD) so you don't accidentally publish or run without secrets configured.
2) Do NOT run the listener in production unless you explicitly want a long-running bot that polls Odoo Discuss; test it in a staging environment first.
3) Consider network controls for the runtime (e.g., block requests to internal IP ranges / metadata endpoints) because the skill will fetch URLs supplied via messages or product fields (SSRF risk).
4) Run with least-privilege Odoo credentials (avoid admin/root DB user) and rotate keys if re-used.
5) Review the full code locally (already included) and run tests in an isolated environment.

If you don't need automated polling and external-URL scraping, use only the CLI (odoo_manager.py) and avoid setting ODOO_BOT_PARTNER_ID.
