Openclaw Odoo Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Odoo connector, but it needs review because it can give an agent broad Odoo ERP change/delete authority and auto-create business records from fuzzy requests.
Install this only if you intentionally want OpenClaw to operate your Odoo ERP. Use a test database first, create a dedicated least-privilege Odoo API user, require confirmation before financial/HR/inventory/delete/publish actions, and verify the source/install files before setup.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken prompt, poor match, or over-capable agent action could create, modify, confirm, post, or delete important business records in Odoo.
The connector exposes a generic Odoo XML-RPC execution path plus create, update, and delete helpers. For an ERP system this can affect customers, orders, invoices, employees, inventory, and other high-impact records, and the artifacts do not show a model/method allow-list or mandatory confirmation for dangerous operations.
def execute(self, model: str, method: str, *args: Any, **kwargs: Any) -> Any:
    ... self.models.execute_kw(... model, method, ...)
...
def create(...)
def write(...)
def unlink(...):
    return self.execute(model, "unlink", ids)
Use a least-privilege Odoo account, add explicit allow-lists for supported models and methods, and require human confirmation before create/write/delete/post/confirm/publish actions.
A vague or misinterpreted request could create duplicate or incorrect customers, products, quotations, purchase orders, or other downstream business records.
Smart find-or-create behavior can turn one fuzzy or incomplete request into multiple new ERP records across modules. The behavior is disclosed and purpose-aligned, but the artifacts do not show a preview/approval step before creating related records.
The connector automatically handles missing dependencies with fuzzy matching:
... If not found → creates new customer
... If not found → creates product
... Creates quotation linking both
Before auto-creating related records, show proposed matches and new records to the user and require confirmation, especially for financial, inventory, HR, and public eCommerce changes.
The agent will act with the permissions of the configured Odoo user; if that user is an administrator, the agent can affect much of the ERP instance.
The connector requires an Odoo API key and account identity. That is expected for an Odoo integration, but the registry metadata says no required env vars and no primary credential, so users may not see the permission requirement before installation.
api_key=os.environ.get("ODOO_API_KEY", file_values.get("api_key", ""))
...
errors.append("ODOO_API_KEY is required ...")
Declare the Odoo credential requirement in metadata and configure a dedicated, least-privilege Odoo user limited to the modules and actions the agent should perform.
Users may be unsure which install path or source version is authoritative.
The README references manual install paths and a setup.ps1 installer, while the registry reports no install spec and the provided manifest does not list setup.ps1. This is an install/provenance completeness issue, not evidence of malicious code.
# Windows: Run installer
.\setup.ps1
# OR copy manually to OpenClaw skills directory
Provide a complete, pinned install spec or include all referenced setup files, and verify the GitHub source before manual installation.
If enabled, the skill may keep polling Odoo or listening for webhooks after the original chat task is complete.
The skill discloses optional long-running/inbound components. They are not shown to auto-start, but they are persistence-like capabilities if a user enables them.
- ✅ Webhook server for real-time updates (optional feature)
- ✅ Background polling for change detection (optional feature)
Only enable polling or webhooks when needed, configure webhook secrets, log activity, and make stopping/cleanup instructions clear.
