Trust Assessment
odoo received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 3 critical, 1 high, 6 medium, and 0 low severity. Key findings include Arbitrary command execution, Suspicious import: socket, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/src/logic/openclaw_intelligence.py:25 | |
| CRITICAL | Prompt Injection via 'ask' command The `cfo_cli.py` tool exposes an `ask` command that takes a user-provided `query` string. This `query` is directly passed to the `OpenClawIntelligence` LLM via `intelligence_engine.ask` and `self.ai.natural_language_query`. This allows an attacker to inject malicious instructions into the LLM's prompt, potentially manipulating its behavior, extracting sensitive information, or causing unintended actions. Implement robust input sanitization and validation for the `query` parameter before passing it to the LLM. Consider using a separate, sandboxed LLM for user-facing queries or strictly limiting the capabilities of the LLM when processing untrusted input. Implement a 'red-teaming' filter to detect and block known prompt injection patterns. | LLM | assets/autonomous-cfo/src/tools/cfo_cli.py:105 | |
| CRITICAL | Command Injection via 'rpc-call' command The `cfo_cli.py` tool exposes an `rpc-call` command that allows users to specify arbitrary Odoo `model`, `method`, and `payload` (as a JSON string) for execution. While the `OdooClient` attempts to block certain methods (`create`, `write`, `unlink`, etc.), this direct RPC access bypasses the skill's intended read-only nature and higher-level security controls. A malicious actor could exploit this to call unblocked but sensitive Odoo methods, potentially leading to data manipulation, privilege escalation, or other unauthorized actions within the Odoo instance. Remove or severely restrict the `rpc-call` command. If direct RPC access is absolutely necessary, implement a strict allowlist of models and methods, and thoroughly validate all payload parameters to prevent any unintended operations. Ensure that the `BLOCKED_METHODS` list is comprehensive and cannot be bypassed. | LLM | assets/autonomous-cfo/src/tools/cfo_cli.py:110 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'generate'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/src/logic/openclaw_intelligence.py:25 | |
| MEDIUM | Suspicious import: socket Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/src/connectors/odoo_client.py:2 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/src/connectors/odoo_client.py:8 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/src/tools/cfo_cli.py:7 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'matplotlib>=3.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ashrf-in/odoo-openclaw-skill/assets/autonomous-cfo/requirements.txt:2 | |
| MEDIUM | Excessive Permissions: Disabling SSL Verification The `cfo_cli.py` tool allows disabling SSL certificate verification via the `--insecure` flag. While the help text suggests it's 'only for trusted internal environments,' providing this option can lead to its misuse in production or untrusted environments. Disabling SSL verification makes the connection vulnerable to Man-in-the-Middle (MITM) attacks, where an attacker could intercept or alter communication with the Odoo instance, potentially leading to data compromise or unauthorized access. Remove the `--insecure` flag. SSL verification should always be enabled for connections to external services, especially those handling sensitive financial data. If there are specific internal environments that require this, consider alternative secure configurations or ensure strict network controls are in place. | LLM | assets/autonomous-cfo/src/tools/cfo_cli.py:49 | |
| INFO | Unpinned or Loosely Pinned Dependencies The `requirements.txt` and `setup.py` files specify Python dependencies using version ranges (e.g., `requests>=2.31.0,<3.0.0`). While better than completely unpinned dependencies, this approach can still introduce supply chain risks. A new version within the specified range could introduce a critical vulnerability or breaking change, potentially affecting the skill's security or functionality without explicit review. Pin all production dependencies to exact versions (e.g., `requests==2.31.0`) using a `requirements.lock` file or similar mechanism. Regularly audit and update these pinned dependencies to incorporate security patches. | LLM | assets/autonomous-cfo/requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4b11f2a391995619)
Powered by SkillShield