ClawHub

Odoo Manager

v0.0.1

Manage Odoo (contacts, any business objects, and metadata) via the official External XML-RPC API. Supports generic CRUD operations on any model using execute_kw, with ready-made flows for res.partner and model introspection. Features dynamic instance and database switching with context-aware URL, database, and credential resolution.

8· 2.1k·2 current·4 all-time
by@willykinfoussia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill needs ODOO_URL, ODOO_DB, ODOO_USERNAME and ODOO_PASSWORD (or optional ODOO_API_KEY) which are exactly what an Odoo XML-RPC integration needs.
Instruction Scope
SKILL.md explicitly describes connecting to the Odoo XML-RPC endpoints, authenticating, and calling execute_kw for model operations. It does not instruct reading unrelated files, scanning the host, or sending data to endpoints other than the resolved Odoo URL(s). It also documents context variables and instructs not to expose full secrets when displaying context.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or fetched at install time. This minimizes install-time risk.
Credentials
Requested environment variables are limited to Odoo connection credentials. The primary credential is ODOO_PASSWORD; an optional ODOO_API_KEY is mentioned (not declared as required), which is reasonable. No unrelated secrets or broad credentials are requested.
Persistence & Privilege
Skill does not request always:true and is user-invocable with normal autonomous invocation allowed. It documents ephemeral and session context handling without asking to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent for interacting with Odoo via XML-RPC. Before installing, ensure you: (1) provide an account with least privilege needed for the tasks (avoid using a global admin account), (2) prefer an ODOO_API_KEY scoped to the integration and rotate it regularly, (3) avoid setting temporary_url or user_url to endpoints you don't control (an attacker-provided URL would receive credentials), and (4) avoid pasting secrets into chat history — treat temporary/user context values as sensitive. If you need stronger assurance, request the skill author publish source code or a canonical homepage/repo so you can audit the exact runtime calls and data handling.

Like a lobster shell, security has layers — review code before you run it.

latestvk9733jsf7znw565yk3d2we4y0x80gapb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏢 Clawdis
EnvODOO_URL, ODOO_DB, ODOO_USERNAME, ODOO_PASSWORD
Primary envODOO_PASSWORD

Comments