v1.1.0

Clawhub Package Full

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This does not look like malware, but it gives an AI broad, credentialed control over an Odoo business system without clear approval or scoping guardrails.

Guidance

Review carefully before installing in a real Odoo environment. If you use it, create a dedicated least-privilege Odoo API user, test in a sandbox first, enable audit logging and backups, and require human confirmation for financial, HR, inventory, ecommerce publishing, approval, or deletion actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
odoo_skill/client.py
def execute(self, model: str, method: str, *args: Any, **kwargs: Any) ... def create(self, model: str, values: dict) ... def write(...) ... def unlink(...)

The client exposes generic Odoo RPC execution plus create, update, and delete operations. For an ERP connector this is purpose-aligned, but it is broad mutation authority and the artifacts do not show approval gates or scoped safeguards.

User impact: A mistaken or ambiguous instruction could create, change, or delete important business records in Odoo.

Recommendation: Use a least-privilege Odoo API account, start in a test database, and require explicit human confirmation for posting invoices, confirming orders, deleting records, publishing products, approving leave, or other irreversible actions.

Cascading Failures
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
All operations use **smart actions** that handle fuzzy matching and auto-creation workflows.

Fuzzy matching and auto-creation can be useful, but in an ERP system a wrong match or auto-created customer/product/order can propagate into sales, inventory, invoices, HR, or ecommerce workflows.

User impact: The agent could act on the wrong customer, product, order, or employee if names are ambiguous.

Recommendation: Require disambiguation and a preview of matched records before creating or updating ERP data, especially for financial, inventory, HR, and public website actions.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The package includes substantial Python source code, but the registry metadata does not provide a verified source or install contract. SKILL.md lists a GitHub repository, which users should verify.

User impact: Users have less registry-level assurance about where the packaged code came from.

Recommendation: Verify the repository and package contents before installing, and prefer signed or clearly sourced releases for production ERP access.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
odoo_skill/config.py
if not self.api_key: errors.append("ODOO_API_KEY is required ...") ... username=os.environ.get("ODOO_USERNAME" ... api_key=os.environ.get("ODOO_API_KEY"

The code requires credentialed Odoo account access, while the registry metadata declares no required environment variables and no primary credential. That under-declares the privilege boundary users are granting.

User impact: Installing users may not realize the skill needs an Odoo API key that can expose and modify business, financial, HR, and customer data according to that account's permissions.

Recommendation: Document the required Odoo credentials in metadata, use a dedicated limited-scope API user, and avoid using administrator credentials.