Odoo JSON2 Operator

Status: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: odoo-json2-operator
Version: 2026.2.18

The skill is classified as suspicious due to several critical security vulnerabilities. The `scripts/odoo_json2_client.py` script is designed to persist Odoo API keys in plaintext within `scripts/connections.json` for local reuse, which is a significant security risk. Furthermore, the provided `scripts/connections.json` file contains a hardcoded, live-looking API key (`514b11fd04511ef34bdbdceb66a226bd03d74954`) for `odoo19c.ylhctec.com`, which constitutes a direct credential leak within the skill bundle itself. The `SKILL.md` instructions also contain contradictory guidance regarding API key persistence, creating a prompt injection vulnerability: the agent might be instructed to store sensitive credentials despite a "never persist" guardrail.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or invoking the skill could cause the agent to act through a preloaded Odoo account rather than only a user-provided account, and the bundled key may be exposed to anyone who can read the skill files.

Why it was flagged

A non-placeholder Odoo host, database, and bearer API key are bundled with the skill even though the registry metadata declares no primary credential.

Skill content
"odoo19c": { "base_url": "https://odoo19c.ylhctec.com", "database": "odoo19c", "api_key": "514b11fd...<redacted>" }
Recommendation

Remove the bundled profile, revoke or rotate the exposed API key, and require users to provide their own least-privilege Odoo credentials through a declared credential mechanism.

What this means

A saved profile could be reused later without the user realizing which Odoo system or credential is being used.

Why it was flagged

The skill intentionally stores sensitive connection state and reuses it across sessions, which can expose API keys and may make later tasks operate against a stale, unintended, or tampered profile.

Skill content
Persist successful connections locally as named profiles containing `base_url`, `database`, and `api_key`. Reuse saved profile by default in later turns
Recommendation

Store secrets in a secure credential store, require explicit profile selection for high-impact operations, and provide clear controls to list, update, and delete saved profiles.

What this means

Users may provide API keys believing they will not be saved, when the skill is designed to save them locally.

Why it was flagged

The skill gives contradictory safety guidance about API key persistence, while the included code/profile artifacts show API keys are stored in files.

Skill content
Persist successful connections locally as named profiles containing `base_url`, `database`, and `api_key` ... Never log or persist API keys in files
Recommendation

Make the documentation match the implementation: either stop persisting API keys or clearly disclose plaintext/local persistence and its risks.

What this means

A mistaken request, wrong profile, or overly broad payload could change important Odoo business data.

Why it was flagged

The broad Odoo operation surface is disclosed and purpose-aligned, but it can modify or delete business records and run custom server-side methods.

Skill content
query or mutate Odoo data (search, read, create, write, unlink, or custom model methods)
Recommendation

Use least-privilege API keys, preview matching records, and require explicit user confirmation before create, write, unlink, or custom mutation methods.