Back to skill

Security audit

Huo15 Odoo19 Module Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Odoo development helper with broad trigger terms but no hidden code, credential access, or automatic execution.

Safe to install as an Odoo development reference. Be aware it may activate on broad Odoo prompts, and review generated ACLs, unlink/write logic, cron jobs, sudo usage, and Docker commands before applying them to a real ERP database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are very broad and map to common Odoo development topics, so the skill may activate in many ordinary conversations without clear scoping or user intent confirmation. Over-broad activation can cause unintended instruction injection into unrelated tasks, reduce user control, and make it easier for a skill to steer outputs when the user only wanted partial or different assistance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.