Safety Report

Odoo Manager

Name: Odoo Manager
Rating: 5 (7 reviews)
Author: willykinfoussia

Manage Odoo (contacts, any business objects, and metadata) via the official External XML-RPC API. Supports generic CRUD operations on any model using execute_kw, with ready-made flows for res.partner and model introspection. Features dynamic instance and database switching with context-aware URL, database, and credential resolution.

1,634Downloads

2Installs

7Stars

1Versions

API Integration4,971 Customer Support1,744 AI & Machine Learning1,383 Database Management1,222

Security Analysis

high confidence

Clean

The skill's declared purpose (manage Odoo via the External XML-RPC API) matches its runtime instructions and required environment variables; nothing in the SKILL.md asks for unrelated credentials, binaries, or installs.

Feb 11, 20262 files

Purpose & Capabilityok

Name/description match the declared requirements: the skill needs ODOO_URL, ODOO_DB, ODOO_USERNAME and ODOO_PASSWORD (or optional ODOO_API_KEY) which are exactly what an Odoo XML-RPC integration needs.

Instruction Scopeok

SKILL.md explicitly describes connecting to the Odoo XML-RPC endpoints, authenticating, and calling execute_kw for model operations. It does not instruct reading unrelated files, scanning the host, or sending data to endpoints other than the resolved Odoo URL(s). It also documents context variables and instructs not to expose full secrets when displaying context.

Install Mechanismok

No install spec or code files are present (instruction-only), so nothing is written to disk or fetched at install time. This minimizes install-time risk.

Credentialsok

Requested environment variables are limited to Odoo connection credentials. The primary credential is ODOO_PASSWORD; an optional ODOO_API_KEY is mentioned (not declared as required), which is reasonable. No unrelated secrets or broad credentials are requested.

Persistence & Privilegeok

Skill does not request always:true and is user-invocable with normal autonomous invocation allowed. It documents ephemeral and session context handling without asking to modify other skills or system-wide agent settings.

Guidance

This skill appears coherent for interacting with Odoo via XML-RPC. Before installing, ensure you: (1) provide an account with least privilege needed for the tasks (avoid using a global admin account), (2) prefer an ODOO_API_KEY scoped to the integration and rotate it regularly, (3) avoid setting temporary_url or user_url to endpoints you don't control (an attacker-provided URL would receive credentials), and (4) avoid pasting secrets into chat history — treat temporary/user context values as sensitive. If you need stronger assurance, request the skill author publish source code or a canonical homepage/repo so you can audit the exact runtime calls and data handling.

Latest Release

v0.0.1

Initial release: Manage Odoo via XML-RPC with dynamic environment and context switching. - Supports generic CRUD operations on any Odoo model using execute_kw. - Features ready-made flows for res.partner and model introspection. - Allows dynamic, context-aware switching of Odoo instance, database, and credentials (temporary and session scopes). - Computes and displays resolved connection context; sensitive secrets are never exposed in outputs. - Requires ODOO_URL, ODOO_DB, ODOO_USERNAME, and ODOO_PASSWORD environment variables.

More by @willykinfoussia

MantisBT Manager

2 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @willykinfoussia on ClawHub