Back to skill

Security audit

Drivethru Operations

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent about being an Odoo operations assistant, but it can use an authenticated MCP connection to make live ERP changes including purchase orders, stock records, and vendor bills.

Install only if this skill will be connected to a tightly scoped Odoo MCP server and token. Review which MCP tools the server exposes, limit the token to the intended Odoo roles, and require human approval for any PO, stock, pricing, or vendor-bill write action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions while requiring sensitive environment variables and providing MCP-based remote tool access. This weakens reviewability and policy enforcement because operators may not realize the skill can authenticate to a live ERP backend and invoke server-exposed capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented as a scoped Odoo operations agent, but its documented behavior is to enumerate live MCP tools and call arbitrary tools by name, effectively making it a general-purpose transport client. If the MCP server exposes broader or newly added tools, the agent can exceed its stated business scope and reach unintended read/write actions without corresponding manifest disclosure.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill's stated scope is purchasing→manufacturing→shipping operations, yet it also includes accounts-payable actions such as PO line edits and vendor-bill creation. This scope expansion increases the chance of unauthorized financial changes and can bypass least-privilege expectations for users who believed they were invoking only logistics functionality.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.