OpenClaw Odoo
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-odoo
Version: 1.0.0

The OpenClaw Odoo skill is suspicious due to its broad and powerful capabilities, which, while explicitly documented, present significant vulnerabilities if misused. The `SKILL.md` file details tools like `odoo_create`, `odoo_update`, `odoo_delete`, and `odoo_workflow`, allowing the AI agent to perform arbitrary CRUD and workflow operations on any Odoo model. Furthermore, the 'Smart Actions' feature explicitly instructs the agent to automatically create new entities (e.g., customers, products, projects) in Odoo if they don't exist based on user input. These features, while intended, could lead to data pollution, unauthorized resource creation, or data destruction if the agent's input or reasoning is compromised. There is no evidence of intentional malice such as data exfiltration to unauthorized endpoints, backdoors, or prompt injection designed to subvert the agent's core purpose beyond its stated Odoo management functions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could create, confirm, post, or publish important business records if given access, potentially affecting finances, operations, employees, and customers.
The skill claims broad natural-language authority over an ERP system. The artifacts do not show explicit approval gates, scoping limits, or rollback controls for high-impact business actions.
Control your entire business via natural language chat commands.
Use only with a least-privileged Odoo account, require explicit confirmation for mutations, test in a sandbox first, and verify that the implementation has per-module and per-action limits.

Users may not understand what Odoo account or permissions the skill will use, which could lead to over-privileged access to sensitive business modules.
The metadata does not declare credentials or configuration, even though SKILL.md describes an Odoo XML-RPC connector that would normally need authenticated ERP access.
Required env vars: none; Env var declarations: none; Primary credential: none
The skill should clearly declare required Odoo credentials, expected permission scopes, supported modules, and safe least-privilege setup instructions before installation.

A mistaken match or auto-created record could propagate into orders, invoices, inventory, projects, or other dependent Odoo processes.
Fuzzy matching and automatic record creation can amplify ambiguous user requests into persistent ERP changes across connected business workflows.
All operations use smart actions that handle fuzzy matching and auto-creation workflows.
Require previews and confirmations before creating or changing records, especially for finance, procurement, inventory, HR, manufacturing, and website publishing actions.

The registry artifact alone does not let users or scanners verify what code will actually run after installation.
The supplied package does not include the claimed connector implementation for review, while SKILL.md points users to an external repository and install command.
No code files present — this is an instruction-only skill.
Inspect the linked repository, pin trusted versions, and avoid granting production Odoo access until the installed code has been reviewed.
