OpenClaw Odoo

Security checks across malware telemetry and agentic risk

Overview

This Odoo skill is built for real ERP control and its capabilities are openly disclosed, but it hands an agent broad write, workflow, auto-create, and delete authority over live business data without enough safeguards around those operations.

Review it before installing on a production Odoo system. Start with a staging database, connect through a least-privilege Odoo API user scoped to the models the agent actually needs, keep backups and audit logs, and require human confirmation before deletes, invoice posting, order confirmation, workflow transitions, website publishing, or fuzzy "smart actions" that create records when a lookup finds no exact match.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings
Medium, 89% confidence

Finding: The skill prominently advertises broad business-control capabilities such as creating, updating, confirming, and deleting ERP records, but does not pair them with a clear warning that these operations have real financial, inventory, HR, and operational consequences. In an agentic natural-language setting, users may issue commands casually or ambiguously, and the agent can turn an ambiguous request into an unintended state change in a production ERP system.

Missing User Warnings
Medium, 96% confidence

Finding: The documented smart-action behavior automatically creates customers, products, projects, and other records when fuzzy matching does not find an exact result, but it does not warn that ambiguous natural-language input can silently create incorrect master data. In an ERP context, an accidentally created duplicate partner or product propagates into sales, purchasing, invoicing, inventory, and reporting workflows, which makes this far more dangerous than an ordinary convenience feature.

Missing User Warnings
Medium, 92% confidence

Finding: The skill documents a generic delete capability and exposes low-level unlink support without an explicit warning that record removal may be irreversible and may destroy critical business data. Because this connector targets live ERP objects across many modules, a delete can remove financial, operational, HR, or audit-relevant records, and the risk is highest when the delete is reachable through broad natural-language tooling.
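The safeguards recommended in the overview (a least-privilege API user, human confirmation before deletes, posting, confirmation and publishing) and the three findings above (casual commands changing live state, fuzzy lookups auto-creating master data, unguarded unlink) all point at the same control: a policy gate between the agent and Odoo's external API. The block below is an added example written for this page; it is not code from the OpenClaw Odoo skill or from Odoo. Model and method names (res.partner, sale.order, unlink, write, action_post, action_confirm, name_search) are standard Odoo names; the allowlist, the confirmation table, and the in-memory fake backend are assumptions made so the example runs offline.

```python
"""Policy gate for an agent driving Odoo through execute_kw-style calls.

Added example, not part of the OpenClaw Odoo skill. Every call the agent
wants to make goes through OdooGate.call, which (1) rejects models outside
an allowlist, (2) holds deletes, invoice posting, order confirmation,
publishing and workflow-field writes until a human has confirmed, and
(3) resolves names to exactly one existing record and never auto-creates.
"""
from dataclasses import dataclass, field
from typing import Any, Callable

# Methods whose effect is irreversible or financial: always confirm (assumed table).
CONFIRM_METHODS = {"unlink", "action_post", "action_confirm", "button_confirm",
                   "website_publish_button"}
# A write touching one of these fields is a workflow transition or a publish.
STATE_FIELDS = {"state", "stage_id", "website_published", "is_published"}

class Denied(Exception): ...
class NeedsConfirmation(Exception): ...
class NoSingleMatch(Exception): ...

# Same shape as xmlrpc execute_kw minus db/uid/password: (model, method, args, kwargs)
Executor = Callable[[str, str, list, dict], Any]

@dataclass
class OdooGate:
    execute: Executor            # in production: a bound execute_kw for the API user
    allowed_models: frozenset    # least privilege: only what the agent needs
    audit: list = field(default_factory=list)

    def needs_confirmation(self, method: str, args: list) -> bool:
        if method in CONFIRM_METHODS:
            return True
        # write([ids], {field: value}) that moves a workflow or publishes content
        return (method == "write" and len(args) >= 2 and isinstance(args[1], dict)
                and bool(STATE_FIELDS & set(args[1])))

    def call(self, model: str, method: str, args=None, kwargs=None, *, confirmed=False):
        args, kwargs = list(args or []), dict(kwargs or {})
        if model not in self.allowed_models:
            self.audit.append(("deny", model, method))
            raise Denied(f"{model} is outside the agent's allowlist")
        if self.needs_confirmation(method, args) and not confirmed:
            self.audit.append(("hold", model, method))
            raise NeedsConfirmation(f"{model}.{method} needs human confirmation")
        self.audit.append(("allow", model, method))
        return self.execute(model, method, args, kwargs)

    def resolve(self, model: str, name: str) -> int:
        """Id of the single record whose display name equals `name`; never creates."""
        hits = self.call(model, "name_search", [name], {"limit": 5})  # [(id, display), ...]
        exact = [rid for rid, display in hits
                 if display.strip().lower() == name.strip().lower()]
        if len(exact) == 1:
            return exact[0]
        shown = [display for _, display in hits]
        raise NoSingleMatch(f"{name!r} on {model}: {len(hits)} candidate(s) {shown}; "
                            "refusing to auto-create, ask the user instead")

def fake_odoo(partners: dict) -> Executor:
    """Constructed stand-in for execute_kw backed by an in-memory partner table."""
    def execute(model, method, args, kwargs):
        if method == "name_search":
            needle = args[0].lower()
            return [(rid, n) for rid, n in partners.items()
                    if needle in n.lower()][: kwargs.get("limit", 100)]
        if method == "unlink":
            for rid in args[0]:
                partners.pop(rid, None)
        return True
    return execute

def outcome(fn, *a, **kw) -> str:
    """Run a gated call and report how the gate handled it."""
    try:
        fn(*a, **kw)
        return "ran"
    except Denied:
        return "denied"
    except NeedsConfirmation:
        return "held"
    except NoSingleMatch:
        return "no-single-match"

def run_demo() -> dict:
    partners = {1: "Acme Corp", 2: "Acme Corporation", 3: "Globex"}  # constructed data
    gate = OdooGate(fake_odoo(partners), frozenset({"res.partner", "sale.order"}))
    out = {"globex_id": gate.resolve("res.partner", "Globex")}
    out["acme"] = outcome(gate.resolve, "res.partner", "Acme")        # two fuzzy hits
    out["initech"] = outcome(gate.resolve, "res.partner", "Initech")  # no hit, no create
    out["hr"] = outcome(gate.call, "hr.employee", "read", [[1]])      # outside allowlist
    out["unlink"] = outcome(gate.call, "res.partner", "unlink", [[3]])
    out["globex_before"] = 3 in partners
    out["unlink_ok"] = outcome(gate.call, "res.partner", "unlink", [[3]], confirmed=True)
    out["globex_after"] = 3 in partners
    out["state_write"] = outcome(gate.call, "sale.order", "write", [[7], {"state": "sale"}])
    out["plain_write"] = outcome(gate.call, "sale.order", "write", [[7], {"note": "hi"}])
    out["audit"] = [decision for decision, _, _ in gate.audit]
    return out

if __name__ == "__main__":
    print(run_demo())
```

In production the `execute` callable would be `lambda m, meth, a, kw: proxy.execute_kw(db, uid, password, m, meth, a, kw)` bound to the least-privilege API user, and `confirmed=True` would only ever be set by the human-in-the-loop step, not by the agent. The audit list is the minimum you want written to a durable log so that a held or denied request is visible even when nothing reached Odoo.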

VirusTotal

63/63 vendors flagged this skill as clean.
