Skill v1.1.2
ClawScan security
Openclaw Skill for Odoo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Feb 17, 2026, 10:38 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a full Odoo connector, but the package metadata and runtime declarations do not match what the code actually requires (missing declared credentials and config expectations), so review and caution are warranted before use.
- Guidance: This skill contains a full Python Odoo connector and legitimately needs Odoo credentials (URL, DB, username, API key). However, the skill metadata incorrectly declares no required environment variables or primary credential; treat that as a packaging inconsistency. Before installing: (1) review the linked GitHub repo and confirm it matches the packaged code; (2) do not provide high-privilege Odoo admin credentials; create a limited API user with minimal permissions for the actions you need; (3) be aware the skill can run a webhook server (bind to a port) and a background poller, so run it in a controlled environment or sandbox if you have network/port concerns; (4) if you store credentials in config.json, ensure the file is secured and not world-readable; (5) if anything about the source or provenance looks unfamiliar, inspect the full code (especially sync/webhook.py and any networking bits) or run it in an isolated test Odoo instance first.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (Odoo ERP connector) matches the code: it includes an XML-RPC client, model operation classes, smart actions, a webhook server and a poller. However, the registry metadata declares no required environment variables or primary credential, while the code (odoo_skill/config.py and other modules) requires ODOO_URL, ODOO_DB, ODOO_USERNAME and ODOO_API_KEY (and optionally ODOO_WEBHOOK_SECRET, ports, timeouts). This mismatch between claimed requirements and actual code is an inconsistency that could confuse users or lead to credential misconfiguration.
- Instruction Scope (note): SKILL.md instructs users to install the skill and put Odoo credentials in a config.json (or set environment variables). The runtime instructions and code operate only on the Odoo server (XML-RPC) and local config; there is no evidence in the provided excerpts of the skill instructing the agent to read unrelated system paths or exfiltrate data to external endpoints other than the configured Odoo URL. Note: the skill also includes a webhook server and a background poller (real-time sync) which will open/listen on a port and accept inbound requests if enabled; that increases its runtime surface and should be considered when deploying.
- Install Mechanism (note): There is no formal install spec in the registry (no brew/npm/download), and the skill bundle includes full Python source files. That is lower-risk than arbitrary remote code download, but the metadata labeling this as 'instruction-only' while including a 25-file Python package is misleading. The bundle appears self-contained (no external install URL), and requirements.txt lists only optional/dev dependencies; no suspicious external installers or remote-extract URLs were found in the provided material.
- Credentials (concern): The registry claims no required env vars/credentials, but the code requires ODOO_URL, ODOO_DB, ODOO_USERNAME and ODOO_API_KEY (and supports ODOO_WEBHOOK_SECRET, ODOO_TIMEOUT, etc.). Requesting Odoo API credentials is proportionate for an ERP connector, but the failure to declare them in the skill metadata is a significant packaging inconsistency. Also note that the config loader will accept credentials from a config.json stored in the skill directory, which means secrets could be persisted on disk in the skill folder if the user follows the README example.
- Persistence & Privilege (ok): The skill does not request 'always: true' or other elevated platform privileges. It is user-invocable and may be invoked autonomously (platform default). The included webhook server and poller add runtime persistence (binding to a port, background polling), but they operate within the skill itself and do not modify other skills or global agent configurations. Consider network and port exposure implications when enabling webhooks or the poller.
