Back to plugin

Security audit

Odoo

Security checks across malware telemetry and agentic risk

Overview

The artifacts describe a coherent Odoo connector, but it will act with your Odoo credentials, can automatically post or update configured Odoo records, and persists queued messages locally.

Before installing, treat this as a business-system integration with real Odoo authority: use a dedicated least-privilege Odoo API user, keep the webhook secret strong and private, restrict routes to safe methods, make custom methods idempotent, and secure the OpenClaw state directory and telemetry backend.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/channel.ts:296
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/index.ts:55
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/tools.ts:26
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/dispatch.test.ts:154
Evidence
password: [REDACTED],