Back to skill

Security audit

Openclaw Odoo Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Odoo ERP connector, but it needs review because it can make broad live business changes from natural-language prompts without clear confirmation safeguards.

Install only if you intentionally want OpenClaw to control Odoo data. Use a sandbox first, configure a dedicated least-privilege Odoo API user, disable or protect webhooks with a strong secret, avoid production auto-create workflows unless you add confirmation gates, and require human review before financial, HR, inventory, publish, delete, or receipt-validation actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The module docstring states the component provides read-only access, but the implementation includes publish_product() and unpublish_product() methods that perform write operations against product.template. This mismatch can mislead reviewers, operators, or downstream policy engines into granting or invoking the skill under the false assumption that it is non-mutating, increasing the risk of unauthorized or unexpected changes to website product visibility.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README markets broad natural-language control over ERP modules and highlights create/update capabilities, but it does not prominently warn that using these commands can immediately modify live business records. In an ERP context, undocumented write behavior can cause accidental creation or alteration of customers, orders, inventory, HR, or financial data, especially when users may assume a read-only assistant-like experience.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Smart Actions section explicitly describes fuzzy matching and automatic creation of missing customers and products, yet it does not warn that ambiguous natural-language input can create unintended business records. In a production ERP, this can lead to silent data integrity issues, incorrect customers/products being used, downstream order errors, and operational or financial disruption.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill is marketed as enabling autonomous chat-driven control over business modules, but the documentation does not prominently warn that ordinary language prompts can create, modify, confirm, post, or publish real ERP records. This can lead users to trigger destructive or financially significant actions without realizing they are acting on production data. The danger is amplified here because the connector spans sensitive domains such as accounting, HR, inventory, and manufacturing.

Missing User Warnings

High
Confidence
95% confidence
Finding
The smart-action find-or-create workflow will automatically create customers, vendors, products, projects, departments, and similar records when fuzzy matching fails or is ambiguous, yet the documentation frames this as a convenience feature rather than a risky state-changing behavior. This is dangerous because ambiguous natural-language requests can silently pollute master data, create fraudulent or incorrect records, and cascade into downstream financial, procurement, inventory, or CRM actions. In an ERP context, accidental record creation can have broad operational and audit consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document describes automatic cleanup that deletes records created during integration tests, and notes that failed runs may leave partial test data behind, but it does not present a prominent warning about deletion risks or advise using an isolated non-production Odoo instance. In an ERP context, running these steps against a live environment could remove or leave behind business records, causing data integrity issues and operational disruption.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This handler performs numerous state-changing operations with find-or-create behavior, including creating partners, products, quotations, invoices, purchase orders, employees, departments, projects, tasks, and calendar events, and even modifies existing partners by setting supplier_rank. Because these actions are driven from fuzzy natural-language inputs and there is no explicit confirmation, dry-run, scope restriction, or permission guard in this layer, an agent can make unintended ERP changes from ambiguous or manipulated prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The webhook server accepts unauthenticated POST requests whenever the shared secret is left empty, because signature verification is conditional on `self.webhook_secret`. In this ERP integration context, that allows any network-reachable party to forge Odoo events and trigger registered callbacks, which could cause unauthorized sync actions, state changes, or downstream business logic execution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises broad natural-language ERP control and live create/update capabilities across core business modules without prominent warnings that commands may modify production business data. In an ERP context, ambiguous or mistaken prompts can create, alter, or confirm records such as orders, invoices, inventory, and HR entries, leading to operational and financial harm even if the functionality is intentional.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Smart Actions section explicitly states that missing customers and products are auto-created based on fuzzy matching, but it does not warn users about unintended record creation or mis-association. In business systems, fuzzy matching plus automatic creation can silently pollute master data, create incorrect counterparties/products, and trigger downstream sales, inventory, or accounting errors.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill prominently advertises the ability to create and modify ERP records across sensitive business domains, but it does not clearly warn users that natural-language requests can trigger real, persistent changes. In an ERP context, silent write capability can lead to accidental creation of orders, invoices, HR records, or inventory changes from ambiguous prompts, causing operational and financial harm.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented smart-action behavior automatically creates missing customers and products based on fuzzy matching and incomplete user input, without a caution about unintended record creation. In a production ERP, this can pollute master data, create fraudulent or erroneous business records, and cascade into downstream purchasing, invoicing, inventory, and reporting errors.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The method performs a state-changing inventory operation by automatically setting received quantities and validating all linked incoming pickings for a purchase order without any built-in confirmation, dry-run, or guardrails. In an agent/integration context, a mistaken or over-broad call can falsely mark goods as received, corrupt inventory and purchasing records, and trigger downstream accounting or workflow actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.