huo15-odoo-v2
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to implement an Odoo XML-RPC helper, but there are inconsistencies about where credentials are collected/stored and several risky behaviors (disabling SSL verification, calling a local helper via subprocess, storing credentials in user files) that warrant caution before installing.
Before installing or entering credentials, verify the following with the skill author:
(1) Where exactly will username/password be stored (global ~/.openclaw/openclaw.json vs per-agent ~/.openclaw/agents/{agentId}/odoo_creds.json)? Are those credentials encrypted or access-controlled?
(2) Why does the init form request user/password if SKILL.md says passwords are agent-local?
(3) Provide the helper script ~/.openclaw/workspace/scripts/odoo_config.py (or explain how it is installed); avoid running unknown local scripts via subprocess.
(4) Understand and, if possible, avoid skipping SSL verification; ask for a fix or for certificate pinning.
(5) If you must provide credentials, prefer a least-privilege service account and rotate credentials after testing.
If the author cannot clarify these points or provide the missing helper code and secure storage details, treat the skill as risky and do not provide production credentials.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
