Trust Assessment
odoo received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 0 critical, 0 high, 13 medium, 1 low, and 1 informational. Key findings include Unsafe deserialization / dynamic eval, Suspicious import: socket, and Node lockfile missing. Six of the medium findings are the same "decryption followed by code execution" signature match at line 4 or 5 of six different modules; a hit that early in every file should be confirmed by reading the flagged lines, since it is as consistent with a shared import or module docstring as with an encrypted-then-executed blob.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 58/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (15)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/__init__.py:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/errors.py:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/models/calendar_ops.py:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/models/ecommerce.py:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/models/hr.py:5 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nullnaveen/odoo-erp-connector/odoo_skill/sync/webhook.py:4 |
| MEDIUM | Suspicious import: socket. Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nullnaveen/odoo-erp-connector/odoo_skill/client.py:10 |
| MEDIUM | Unpinned Python dependency version: requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/nullnaveen/odoo-erp-connector/requirements.txt:7 |
| MEDIUM | Unpinned Python dependency version: requirement 'pytest>=7.4.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/nullnaveen/odoo-erp-connector/requirements.txt:10 |
| MEDIUM | Unpinned Python dependency version: requirement 'pytest-cov>=4.1.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/nullnaveen/odoo-erp-connector/requirements.txt:11 |
| MEDIUM | Unpinned Python dependency version: requirement 'pytest-mock>=3.12.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/nullnaveen/odoo-erp-connector/requirements.txt:12 |
| MEDIUM | Excessive permissions implied by broad functionality: the skill is advertised as a 'Full-featured Odoo 19 ERP connector' covering '153+ business modules' with '80+ operations'. This implies that the Odoo API user configured via 'api_key' will require extensive permissions across many Odoo models (e.g., read, write, create, unlink on sales, CRM, inventory, HR, etc.). The skill's documentation does not explicitly warn about the importance of configuring the Odoo API user with the principle of least privilege, which could lead to users granting overly broad access to the Odoo instance, increasing the attack surface if the API key is compromised. Add a prominent warning in `SKILL.md` and potentially in the `OdooConfig` validation about configuring the Odoo API user with the minimum necessary permissions (principle of least privilege) to reduce the attack surface. Clearly document which specific Odoo permissions are required for each skill capability. | LLM | SKILL.md:1 |
| MEDIUM | Webhook server binds to all network interfaces by default: the `OdooWebhookServer` in `odoo_skill/sync/webhook.py` defaults to binding its HTTP server to `0.0.0.0` (all network interfaces). This makes the webhook endpoint publicly accessible by default if the host machine is not behind a firewall or reverse proxy. While HMAC signature verification is implemented, broad network exposure increases the attack surface, especially if the `webhook_secret` is weak or compromised. Additionally, the default `webhook_port` in `odoo_skill/config.py` is `8069`, which is also Odoo's default port, potentially leading to conflicts or unexpected exposure if not explicitly changed. Change the default `host` to `127.0.0.1` (localhost) to restrict access by default, and require explicit configuration for external access. Alternatively, add a clear warning in `SKILL.md` about the implications of binding to `0.0.0.0` and the necessity of network-level security (firewalls, strong secrets). Ensure the default `webhook_port` does not conflict with common services like Odoo itself, or explicitly set it to a less common port. | LLM | odoo_skill/sync/webhook.py:159 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/nullnaveen/odoo-erp-connector/package.json |
| INFO | Unpinned dependencies in requirements.txt: the `requirements.txt` file specifies dependencies using minimum versions (e.g., `python-dotenv>=1.0.0`) rather than exact pinned versions. This can lead to non-deterministic builds and potential introduction of vulnerabilities or breaking changes if a new patch version of a dependency is released with issues. While the listed dependencies are common and generally trusted, this practice is a general supply chain risk. Pin all production dependencies to exact versions (e.g., `python-dotenv==1.0.0`) to ensure deterministic builds and prevent unexpected updates. Consider using a dependency lock file (e.g., `pip freeze > requirements.lock`) for stricter control over the dependency tree. | LLM | requirements.txt:6 |
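The four "Unpinned Python dependency version" findings and the INFO row above are the kind of check a reviewer can run locally before a skill is admitted. The script below is an added example, not SkillShield's scanner or the project's code: it parses a requirements file and reports every requirement that is not pinned with an exact `==` version and every pinned one that lacks a `--hash=` value. The sample file is constructed to mirror the flagged lines; the `cryptography` and `pyyaml` entries are invented to exercise the `~=` and hash cases.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the flagged requirements.txt; not the project's file.
SAMPLE_REQUIREMENTS = """\
# runtime
requests==2.32.3
python-dotenv>=1.0.0
cryptography~=42.0
# test
pytest>=7.4.0
pytest-cov>=4.1.0
pytest-mock>=3.12.0
pyyaml==6.0.1 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
-r extra.txt
"""

# name, optional extras ([security]), then the version specifier up to a marker/comment/space.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?P<extras>\[[^\]]*\])?\s*(?P<spec>[^;#\s]*)"
)


@dataclass
class Requirement:
    line_no: int
    raw: str
    name: str
    spec: str
    pinned: bool   # exactly one '==X.Y.Z'; '==1.0.*' and '>=' do not count
    hashed: bool   # carries at least one --hash= so pip can enforce --require-hashes


def parse_requirements(text: str) -> List[Requirement]:
    """Parse requirements.txt syntax, skipping comments and pip options (-r, -e, --index-url)."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped.startswith("-"):
            continue
        match = _REQ_RE.match(stripped)
        if not match:
            continue
        spec = match.group("spec")
        pinned = re.fullmatch(r"==[^*,]+", spec) is not None
        found.append(Requirement(line_no, stripped, match.group("name"), spec,
                                 pinned, "--hash=" in stripped))
    return found


def unpinned(reqs: List[Requirement]) -> List[str]:
    """Names that would resolve to whatever the index serves at install time."""
    return [r.name for r in reqs if not r.pinned]


def unhashed(reqs: List[Requirement]) -> List[str]:
    """Pinned names that still trust the index to serve the right artifact for that version."""
    return [r.name for r in reqs if r.pinned and not r.hashed]


def report(text: str) -> str:
    reqs = parse_requirements(text)
    lines = [f"{r.line_no}: {r.name} is unpinned ({r.spec or 'no specifier'})"
             for r in reqs if not r.pinned]
    lines += [f"{r.line_no}: {r.name} is pinned but has no --hash" for r in reqs
              if r.pinned and not r.hashed]
    return "\n".join(lines) if lines else "all requirements pinned and hashed"


if __name__ == "__main__":
    print(report(SAMPLE_REQUIREMENTS))
```

Pinning alone fixes the version but not the artifact; the stronger form is a compiled lock with hashes (`pip-compile --generate-hashes` from pip-tools, installed with `pip install --require-hashes -r requirements.txt`), which the `unhashed` check above is there to encourage.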
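The webhook finding above asks for three things: a loopback default instead of `0.0.0.0`, a port that does not collide with Odoo's 8069, and HMAC verification that survives a weak or mis-handled secret. The following is an added example of how a hardened receiver can enforce all three at configuration time and on every request; it is not the project's `OdooWebhookServer`, and the header name `X-Webhook-Signature`, the `sha256=` prefix, the 8790 default port and the 32-byte minimum secret length are assumptions, not values taken from the skill.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import List, Optional

SIGNATURE_HEADER = "X-Webhook-Signature"   # assumption: header carrying "sha256=<hex>"
MAX_BODY_BYTES = 1_000_000                 # refuse oversized payloads before hashing them
RECEIVED: List[dict] = []                  # events that passed verification


@dataclass(frozen=True)
class WebhookConfig:
    secret: bytes
    host: str = "127.0.0.1"     # loopback by default; 0.0.0.0 must be opted into
    port: int = 8790            # assumption: any port other than Odoo's own 8069
    allow_external: bool = False

    def validate(self) -> "WebhookConfig":
        if len(self.secret) < 32:
            raise ValueError("webhook_secret must be at least 32 random bytes")
        if self.port == 8069:
            raise ValueError("port 8069 is Odoo's default port; pick another")
        try:
            loopback = ipaddress.ip_address(self.host).is_loopback
        except ValueError:                  # a hostname rather than a literal address
            loopback = self.host == "localhost"
        if not loopback and not self.allow_external:
            raise ValueError(
                f"host {self.host!r} exposes the endpoint beyond this machine; "
                "set allow_external=True only behind a firewall or reverse proxy")
        return self


def sign(secret: bytes, body: bytes) -> str:
    """Signature the sender computes over the exact raw body bytes."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time comparison; a missing or malformed header is a rejection, not an error."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body), header)


def config_is_valid(**kwargs) -> bool:
    try:
        WebhookConfig(**kwargs).validate()
        return True
    except ValueError:
        return False


def make_handler(cfg: WebhookConfig):
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", "0"))
            if length > MAX_BODY_BYTES:
                self.send_error(413)
                return
            body = self.rfile.read(length)
            if not verify_signature(cfg.secret, body, self.headers.get(SIGNATURE_HEADER)):
                self.send_error(401, "bad signature")   # verify before parsing anything
                return
            RECEIVED.append(json.loads(body))
            self.send_response(204)
            self.end_headers()

        def log_message(self, *args):
            pass    # keep bodies and signature headers out of the default request log

    return Handler


def serve(cfg: WebhookConfig) -> None:
    cfg.validate()
    HTTPServer((cfg.host, cfg.port), make_handler(cfg)).serve_forever()


if __name__ == "__main__":
    import os
    serve(WebhookConfig(secret=os.urandom(32)))
```

Verification runs on the raw bytes before any JSON parsing, so a request that fails the check never reaches the deserializer, and `compare_digest` keeps the comparison time independent of how many leading bytes of a forged signature happen to match.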
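The "Excessive Permissions" finding recommends documenting which Odoo permissions each capability needs; once that table exists it can also be enforced. Below is an added example, not the project's code, of auditing an Odoo API user against such a table with Odoo's own `check_access_rights` method over the `/xmlrpc/2/object` endpoint. The `REQUIRED` map is a hypothetical three-model excerpt, not the skill's real capability list, and the `FAKE_GRANTS` backend is constructed so the audit runs offline; `odoo_execute_kw` is what you would pass in against a live instance.

```python
import xmlrpc.client
from typing import Callable, Dict, Set, Tuple

OPERATIONS = ("read", "write", "create", "unlink")

# Hypothetical excerpt of a capability -> permission table; the real skill needs its own.
REQUIRED: Dict[str, Set[str]] = {
    "crm.lead": {"read", "write", "create"},
    "sale.order": {"read", "create"},
    "hr.employee": {"read"},
}

# Shape of the callable the audit expects: (model, method, args, kwargs) -> result.
ExecuteKw = Callable[[str, str, list, dict], object]


def odoo_execute_kw(url: str, db: str, uid: int, api_key: str) -> ExecuteKw:
    """Bind Odoo's external API so the audit can call check_access_rights per model."""
    models = xmlrpc.client.ServerProxy(f"{url}/xmlrpc/2/object")

    def call(model: str, method: str, args: list, kwargs: dict):
        return models.execute_kw(db, uid, api_key, model, method, args, kwargs)

    return call


def audit_access(execute_kw: ExecuteKw, required: Dict[str, Set[str]],
                 operations=OPERATIONS) -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]:
    """Return (missing, excess): needed-but-denied and granted-but-unneeded operations per model."""
    missing: Dict[str, Set[str]] = {}
    excess: Dict[str, Set[str]] = {}
    for model, needed in required.items():
        granted = {
            op for op in operations
            if execute_kw(model, "check_access_rights", [op], {"raise_exception": False})
        }
        if needed - granted:
            missing[model] = needed - granted
        if granted - needed:
            excess[model] = granted - needed
    return missing, excess


def least_privilege_ok(execute_kw: ExecuteKw, required=REQUIRED) -> bool:
    """True only when the API user has exactly the documented permissions."""
    missing, excess = audit_access(execute_kw, required)
    return not missing and not excess


# Constructed stand-in for a live Odoo: what the sample API user has actually been granted.
FAKE_GRANTS: Dict[str, Set[str]] = {
    "crm.lead": {"read", "write", "create", "unlink"},   # unlink is not needed
    "sale.order": {"read"},                              # create is missing
    "hr.employee": {"read", "write"},                    # write is not needed
}


def fake_execute_kw(model: str, method: str, args: list, kwargs: dict) -> bool:
    assert method == "check_access_rights" and kwargs.get("raise_exception") is False
    return args[0] in FAKE_GRANTS.get(model, set())


if __name__ == "__main__":
    missing, excess = audit_access(fake_execute_kw, REQUIRED)
    for model, ops in missing.items():
        print(f"MISSING {model}: {sorted(ops)}")
    for model, ops in excess.items():
        print(f"EXCESS  {model}: {sorted(ops)}")
```

`check_access_rights` covers model-level ACLs only; record rules (row-level restrictions) are applied on top of these and still have to be reviewed in the Odoo security settings. Run the audit with the skill's own API key, since that is the credential whose compromise the finding is concerned with.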
Full report: https://skillshield.io/report/b4eaa313f75b4b15
Powered by SkillShield