Odoo
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with live Odoo access, the agent may help change sales, inventory, accounting, or purchasing data.
The skill can guide writes, imports, and changes to sensitive Odoo business records, but it also requires confirmation for the riskiest operations.
Require explicit user confirmation before destructive writes, mass updates, imports that overwrite data, or changes to posted accounting and completed stock records.
Use previews, record counts, staging where possible, and explicit approval before any write, import, accounting, stock, or bulk change.
An agent using a privileged Odoo account could view or modify sensitive company records according to that account's permissions.
The skill does not require credentials to install, but real use may involve delegated Odoo account access with business-changing privileges.
Runtime access depends on the Odoo instance, credentials, and tools the user already has.
Use least-privileged Odoo accounts, prefer staging for risky work, and do not paste passwords, API keys, or session tokens into shared context.
Durable Odoo context such as companies, modules, approval boundaries, and incidents may influence future sessions.
The skill uses persistent local Odoo memory, but it explicitly limits what should be stored and excludes highly sensitive data.
Never store credentials, exports, invoices, payroll data, or copied ledgers
Periodically review ~/odoo/ memory files, keep them limited to stable operating facts, and avoid storing confidential records or instructions copied from untrusted sources.