Back to skill

Security audit

huo15-odoo-v2

Security checks across malware telemetry and agentic risk

Overview

This Odoo integration is not malicious, but it asks for live ERP credentials and documents insecure connection and broad activation patterns that users should review before installing.

Install only if you trust the publisher and can use a least-privilege Odoo account. Do not use production credentials unless TLS verification is fixed or certificate trust is handled safely, and confirm where the password is stored and who can read the ~/.openclaw files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger configuration uses fuzzy matching on very common terms like 'odoo', '辉火云', and '辉火', which can cause the skill to activate unintentionally in unrelated conversations. In this skill, accidental activation is more dangerous because the documented workflows involve credential prompting and authenticated ERP operations, increasing the chance of unnecessary exposure of secrets or unintended business actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to store Odoo usernames and passwords in local files without documenting protections such as filesystem permissions, encryption, secret-store usage, rotation, or redaction. Because these credentials enable live ERP access, compromise of the agent host or local workspace could expose sensitive business data and permit unauthorized modification.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code explicitly disables hostname verification and certificate validation by setting check_hostname to False and verify_mode to ssl.CERT_NONE. This makes the XML-RPC connection vulnerable to man-in-the-middle interception, allowing attackers on the network path to steal Odoo credentials, read sensitive ERP traffic, or tamper with requests and responses.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list is unusually broad for a privileged integration skill and includes generic business terms like 项目, 任务, 工时, 库存, 销售, docker, and 部署. This can cause the skill to activate on many unrelated user requests, increasing the chance that stored Odoo credentials are used in the wrong context or that the skill intercepts prompts meant for other tools, leading to unintended data access or actions.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.