Security Audit
ashrf-in/odoo-openclaw-skill:root
github.com/ashrf-in/odoo-openclaw-skill
Trust Assessment
ashrf-in/odoo-openclaw-skill:root received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 2 critical, 2 high, 5 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Suspicious import: socket", and "Suspicious import: requests".
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The llm_behavioral_safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 8, 2026 (commit 9790c075). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/src/logic/openclaw_intelligence.py:25 |
| CRITICAL | **Unrestricted Odoo RPC Access Bypassing Read-Only Policy.** The skill exposes a raw `rpc-call` command that allows executing arbitrary methods on any Odoo model. Although `SKILL.md` claims the skill is 'strict read-only' and `OdooClient` defines a `BLOCKED_METHODS` list, this list is never enforced in the `_json2_call` or XML-RPC transport logic. This allows an attacker or the AI agent to execute destructive methods (e.g., `write`, `unlink`, `create`) if the credentials permit, directly violating the stated security boundary. Enforce `BLOCKED_METHODS` checks inside `OdooClient._json2_call` and the XML-RPC proxy wrapper. Alternatively, remove the `rpc-call` command entirely or restrict it to a whitelist of safe read-only methods. | Unknown | assets/autonomous-cfo/src/tools/cfo_cli.py:118 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'generate'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/src/logic/openclaw_intelligence.py:25 |
| HIGH | **Prompt Injection via Unsanitized Input Concatenation.** The `natural_language_query` method constructs a prompt for the downstream `openclaw` agent by directly concatenating the user-provided `query` string. This allows for prompt injection attacks where malicious input in the query (e.g., 'Ignore previous instructions...') can manipulate the behavior of the `openclaw` agent. Sanitize user input before inclusion in the prompt, or use a structured message format (e.g., separating System and User roles) if the `openclaw` agent API supports it, to prevent instruction override. | Unknown | assets/autonomous-cfo/src/logic/openclaw_intelligence.py:46 |
| MEDIUM | **Suspicious import: socket.** Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/src/connectors/odoo_client.py:2 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/src/connectors/odoo_client.py:8 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/src/tools/cfo_cli.py:7 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'matplotlib>=3.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Unknown | /tmp/skillscan-clone-ucguaoya/repo/assets/autonomous-cfo/requirements.txt:2 |