v1.0.1

Odoo Assistant Store Manager

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

This appears to be a real Odoo store-management skill, but it deserves review because it can change ERP inventory/products and includes an optional long-running Discuss bot that can trigger CLI actions.

Guidance: Install only if you are comfortable giving the agent access to an Odoo account that can affect store operations. Prefer a dedicated least-privilege account, test in staging, require confirmation for stock/product changes, and do not run the Discuss listener unless you have restricted and monitored who can trigger it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
python3 src/odoo_manager.py update_stock --ref "NAME OR BARCODE" --qty 10 ... python3 src/odoo_manager.py add_product --name "…" --price 9.95 --qty 5

These documented commands can mutate Odoo inventory and product records. The skill does not show an explicit confirmation or preview requirement before an agent performs these high-impact business actions.

User impact: An agent using this skill could change store stock levels or create products in the connected Odoo system.
Recommendation: Use a least-privilege Odoo account, test on a staging database first, and require explicit user confirmation before running stock or product mutation commands.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Optional listener: `src/odoo_listener.py` polls Odoo Discuss and runs CLI commands. Long-running, privileged. Only run if the user requests it

The skill discloses a persistent, privileged listener. It is optional and only started at the user's request, but users should be aware that once started it keeps running, and keeps acting on messages, until it is stopped.

User impact: A background bot could continue reading Discuss messages and taking actions after the initial task if left running.
Recommendation: Start the listener manually only for a defined period, monitor it, and stop it when not actively needed.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Version: 1.0.1

The registry metadata lists version 1.0.1, while SKILL.md and skill.json declare version 1.1.0. This is a packaging/provenance inconsistency rather than direct malicious behavior.

User impact: Users may be unsure which version they are installing or reviewing.
Recommendation: Align the registry version, SKILL.md, and skill.json before publishing or installing.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
skill.json
"ODOO_USER" ... "ODOO_PASSWORD", "description": "Password or API key; ODOO_PASS is accepted as an alias"

The skill requires Odoo account credentials, which is expected for its purpose. However, the registry metadata provided for evaluation lists the required environment variables and the primary credential as none, so the credential requirement is not visible at install time.

User impact: The skill needs access to an Odoo account whose permissions may include sales, stock, products, messages, and other ERP data.
Recommendation: Provide only a dedicated least-privilege Odoo API key or account, and update the registry metadata so users see the credential requirement before installation.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Concern
src/odoo_listener.py
cmd = ["python3", script_path] + shlex.split(command_args) ... while True: ... ['message_type', '=', 'comment'] ... is_channel_chat = model == 'discuss.channel'

The listener continuously polls Odoo comments/channels and has a helper that runs the manager CLI. The visible artifacts do not show a clear channel allowlist, user allowlist, or per-command approval boundary.

User impact: If the listener is enabled, messages in Odoo Discuss could become a path to trigger privileged ERP operations.
Recommendation: Run the listener only when needed, restrict it to specific trusted channels/users, log all actions, and require confirmation for mutating commands.