ClawHub

Clawhub Package Full

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Odoo connector, but it can directly change live ERP data and auto-create records without built-in confirmation safeguards.

Install only with a least-privilege Odoo API user and preferably in a test database first. Treat natural-language write commands as live business operations, especially invoice posting, order confirmation, stock receipt, HR actions, and smart actions that auto-create records. Configure a webhook secret before exposing the webhook server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises full ERP control, 80+ operations, and 'smart actions' that automatically create missing customers/products, but it does not prominently warn that natural-language commands can directly modify live business records. In an ERP context, silent or unexpected writes can cause financial, inventory, and operational integrity issues, especially if users assume the connector is primarily read-only or advisory.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The HR examples normalize creation and querying of employee records and expense actions without any warning about handling sensitive personnel data, role-based access, or privacy obligations. In a chat-driven interface, this increases the risk that operators expose or modify regulated employee information without understanding the access-control and audit implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is positioned as autonomous control over a full ERP stack, including HR, accounting, purchasing, inventory, and manufacturing, but does not prominently warn that natural-language requests may trigger destructive, financial, or privacy-sensitive actions. In this context, broad actionability without safety boundaries increases the risk of accidental order creation, employee-data exposure, inventory changes, or financial record manipulation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented smart-action flow auto-creates customers, vendors, products, projects, and other records based on fuzzy name matching, but does not warn users that ambiguous prompts can create incorrect or duplicate business records. In an ERP context this is especially dangerous because one mistaken match or auto-created object can cascade into quotes, purchase orders, invoices, inventory movements, and reporting errors.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code automatically creates a new Odoo partner when a fuzzy search does not find a match, with no confirmation, approval gate, or dry-run mode. In an ERP context this can silently alter business data, create unintended vendors/customers due to ambiguous names or typos, and trigger downstream purchasing, invoicing, or workflow actions based on incorrect master records.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# http.server — built-in Python

# Optional: for .env file support
python-dotenv>=1.0.0

# Testing
pytest>=7.4.0
Confidence
93% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0

# Testing
pytest>=7.4.0
pytest-cov>=4.1.0
pytest-mock>=3.12.0
Confidence
91% confidence
Finding
pytest>=7.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Testing
pytest>=7.4.0
pytest-cov>=4.1.0
pytest-mock>=3.12.0
Confidence
91% confidence
Finding
pytest-cov>=4.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Testing
pytest>=7.4.0
pytest-cov>=4.1.0
pytest-mock>=3.12.0
Confidence
91% confidence
Finding
pytest-mock>=3.12.0

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
88% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
83% confidence
Finding
pytest

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal