Odoo
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: odoo
Version: 1.0.0
The Odoo skill bundle is a well-structured set of instructions and documentation designed to help an AI agent manage Odoo ERP systems safely. It emphasizes a 'read-before-write' approach, requires explicit user confirmation for destructive actions, and includes a dedicated 'Safety Ladder' (safety.md) to prevent data corruption. The skill uses a local directory (~/odoo/) for context persistence but explicitly forbids storing credentials, tokens, or sensitive financial data, and it relies on standard Odoo APIs (XML-RPC/JSON-RPC) for its operations without any evidence of malicious execution or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with live Odoo access, the agent may help change sales, inventory, accounting, or purchasing data.
The skill can guide writes, imports, and changes to sensitive Odoo business records, but it also requires confirmation for the riskiest operations.
Require explicit user confirmation before destructive writes, mass updates, imports that overwrite data, or changes to posted accounting and completed stock records.
Use previews, record counts, staging where possible, and explicit approval before any write, import, accounting, stock, or bulk change.
An agent using a privileged Odoo account could view or modify sensitive company records according to that account's permissions.
The skill does not require credentials to install, but real use may involve delegated Odoo account access with business-changing privileges.
Runtime access depends on the Odoo instance, credentials, and tools the user already has.
Use least-privileged Odoo accounts, prefer staging for risky work, and do not paste passwords, API keys, or session tokens into shared context.
Durable Odoo context such as companies, modules, approval boundaries, and incidents may influence future sessions.
The skill uses persistent local Odoo memory, but it explicitly limits what should be stored and excludes highly sensitive data.
Never store credentials, exports, invoices, payroll data, or copied ledgers
Periodically review ~/odoo/ memory files, keep them limited to stable operating facts, and avoid storing confidential records or instructions copied from untrusted sources.
