Security Audit
NullNaveen/openclaw-odoo-skill:root
github.com/NullNaveen/openclaw-odoo-skill
Trust Assessment
NullNaveen/openclaw-odoo-skill:root received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 0 critical, 6 high, 5 medium, and 0 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Suspicious import: socket", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 27, 2026 (commit a1bfd00b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/__init__.py:4 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/errors.py:4 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/models/calendar_ops.py:4 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/models/ecommerce.py:4 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/models/hr.py:5 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | odoo_skill/sync/webhook.py:4 |
| MEDIUM | Suspicious import: socket. Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | odoo_skill/client.py:10 |
| MEDIUM | Unpinned Python dependency version. Requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | requirements.txt:7 |
| MEDIUM | Unpinned Python dependency version. Requirement 'pytest>=7.4.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | requirements.txt:10 |
| MEDIUM | Unpinned Python dependency version. Requirement 'pytest-cov>=4.1.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | requirements.txt:11 |
| MEDIUM | Unpinned Python dependency version. Requirement 'pytest-mock>=3.12.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | requirements.txt:12 |