OpenClaw Odoo

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill proposes broad agent control over an Odoo business system, including finance, HR, inventory, and website publishing, but the artifacts do not clearly show credential scope, approval gates, or reviewed implementation code.

Review this carefully before installing. If you use it, start with a test Odoo database, use a least-privileged account, require human confirmation for every write/post/publish action, and verify the external source code because the registry artifact contains no implementation to scan.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could create, confirm, post, or publish important business records if given access, potentially affecting finances, operations, employees, and customers.

Why it was flagged

The skill claims broad natural-language authority over an ERP system. The artifacts do not show explicit approval gates, scoping limits, or rollback controls for high-impact business actions.

Skill content

Control your entire business via natural language chat commands.

Recommendation

Use only with a least-privileged Odoo account, require explicit confirmation for mutations, test in a sandbox first, and verify that the implementation has per-module and per-action limits.

What this means

Users may not understand what Odoo account or permissions the skill will use, which could lead to over-privileged access to sensitive business modules.

Why it was flagged

The metadata does not declare credentials or configuration, even though SKILL.md describes an Odoo XML-RPC connector that would normally need authenticated ERP access.

Skill content

Required env vars: none; Env var declarations: none; Primary credential: none

Recommendation

The skill should clearly declare required Odoo credentials, expected permission scopes, supported modules, and safe least-privilege setup instructions before installation.

What this means

A mistaken match or auto-created record could propagate into orders, invoices, inventory, projects, or other dependent Odoo processes.

Why it was flagged

Fuzzy matching and automatic record creation can amplify ambiguous user requests into persistent ERP changes across connected business workflows.

Skill content

All operations use smart actions that handle fuzzy matching and auto-creation workflows.

Recommendation

Require previews and confirmations before creating or changing records, especially for finance, procurement, inventory, HR, manufacturing, and website publishing actions.

What this means

The registry artifact alone does not let users or scanners verify what code will actually run after installation.

Why it was flagged

The supplied package does not include the claimed connector implementation for review, while SKILL.md points users to an external repository and install command.

Skill content

No code files present — this is an instruction-only skill.

Recommendation

Inspect the linked repository, pin trusted versions, and avoid granting production Odoo access until the installed code has been reviewed.