Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Odoo
v1.0.0 · Full-featured Odoo 17/18/19 ERP connector for OpenClaw — Sales, CRM, Purchase, Inventory, Projects, HR, Fleet, Manufacturing (80+ operations, TypeScript plug...
by Lê Anh Tuấn (@tuanle96)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md advertises a full-featured Odoo 17/18/19 connector (XML-RPC/TypeScript, 80+ operations). However, the registry metadata declares no required environment variables, no primary credential, and no install spec. A connector of this scope normally requires explicit configuration (Odoo URL, database name, username/password or API key) and/or an install procedure; the absence is an inconsistency.
Instruction Scope
This is an instruction-only skill (SKILL.md). The file references a GitHub repo and an 'npx clawhub install openclaw-odoo' command. Because we only saw the start of the SKILL.md, it's unclear whether the instructions require the agent to read local files or system state, but the visible instructions do instruct fetching code from external sources and will need Odoo credentials at runtime. The SKILL.md may therefore prompt users to supply credentials in chat — that behaviour is expected for connectors but should be explicitly documented and minimized (use least-privilege credentials).
Install Mechanism
No install spec is declared in the registry, yet the SKILL.md directs users to install via 'npx clawhub install' and points at a GitHub repository. That means installation (and execution of remote code) would happen outside the registry-managed install metadata. Fetching and running code from an external repo via npx/GitHub is higher risk and should be explicit in metadata; the mismatch between 'no install' and an install command in the docs is concerning.
Credentials
A connector that can create invoices, employees, manufacturing orders, etc., requires broad write access to an Odoo instance. The registry declares no required credentials or primaryEnv even though such credentials are necessary to function. This omission could lead the agent to request credentials interactively (chat/prompt) or to perform unexpected network installs; both create opportunities for credential exposure or privilege escalation if users supply admin-level credentials in chat.
Persistence & Privilege
The skill is not marked always:true and uses the platform defaults for invocation. It does not request persistent presence or system-wide configuration changes in the metadata. Note: autonomous invocation (disable-model-invocation=false) is allowed by default — combine that with broad Odoo access at runtime only if you trust the skill.
What to consider before installing
This skill looks like a real Odoo connector, but the metadata and SKILL.md are inconsistent. Before installing or using it:
1) Verify the referenced GitHub repository yourself — review the code and installation steps rather than blindly running npx.
2) Do not paste production admin credentials into chat; create a least-privilege Odoo account or a dedicated test instance for initial evaluation.
3) Prefer installing and running the connector in a sandbox/test environment first.
4) Ask the skill/maintainer how credentials are stored and whether any code is downloaded/executed at runtime; if installation will fetch code via npx/GitHub, treat it as code execution from an external source.
5) If you need to proceed, restrict the connector's account permissions (e.g., read-only where possible) and audit the actions it performs.
If you want, provide the full SKILL.md and I can review the remaining instructions for additional red flags.
Like a lobster shell, security has layers — review code before you run it.
latest · vk9755mcmacbn7hyzsr79t38jkd81q847
