Odoo JSON2 Operator

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Odoo automation purpose, but it ships with and reuses a plaintext Odoo API key/profile, which requires user review before installation.

Do not install this skill as-is unless you first remove the bundled connections.json profile and treat the exposed Odoo API key as compromised. Use only your own least-privilege Odoo token, avoid saving API keys in plaintext, confirm the active profile before each operation, and require explicit confirmation before any create, write, unlink, or custom action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence
Severity: High
Confidence: 99%
Finding: The conversation protocol explicitly says to persist successful connections locally as named profiles containing base_url, database, and api_key, which directly contradicts the guardrail forbidding API keys from being logged or persisted in files. Storing bearer credentials on disk creates a high-value secret-at-rest target that can be stolen by local users, malware, backups, logs, or other tools with filesystem access.

Missing User Warnings
Severity: High
Confidence: 98%
Finding: The skill instructs saving and reusing connection profiles containing API keys by default, without warning the user that credentials may be stored locally. In the context of an Odoo operator with network access and broad data mutation capability, silent credential retention materially increases the chance of credential leakage, unauthorized reuse, and long-lived compromise of the connected business system.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The script persists bearer API keys in plaintext to scripts/connections.json without any permission hardening, encryption, or user warning. Because this skill is specifically designed to execute authenticated Odoo operations, compromise of that local file would directly expose credentials that can be used to read, modify, or delete business data through the JSON-2 API.

VirusTotal

66/66 vendors flagged this skill as clean.