← 返回 Skills 市场
ashrf-in

Odoo Reporting

作者 ashrf-in · GitHub ↗ · v2.0.5
cross-platform ⚠ suspicious
3515
总下载
7
收藏
3
当前安装
12
版本数
在 OpenClaw 中安装
/install odoo-openclaw-skill
功能描述
Query Odoo data including salesperson performance, customer analytics, orders, invoices, CRM, accounting, VAT, inventory, and AR/AP. Generates WhatsApp cards...
安全使用建议
Do not install or provide Odoo credentials until you resolve the metadata vs code contradictions. Specifically: - Verify skill.json/registry: confirm whether model invocation is actually disabled. If the platform allows autonomous invocation, do not provide credentials. - Confirm where credentials will be stored and who/what can read assets/autonomous-cfo/.env; prefer scoped API keys with least privilege and an account that only has read access. - Inspect the full source (especially omitted/remaining files) to ensure there are no hidden network calls or telemetry sending data to third-party endpoints. - Run install and any tests in an isolated environment (ephemeral VM or sandbox) before pointing it at production Odoo data. - If you proceed, create an Odoo read-only user or API key limited to the data the skill needs, and rotate/revoke it after testing. If you want, I can: (a) extract/check the remaining omitted files for any external endpoints or suspicious code, (b) summarize exactly where credentials are read/used, or (c) help draft minimal Odoo permissions to safely test the skill.
功能分析
Type: OpenClaw Skill Name: odoo-openclaw-skill Version: 2.0.5 The OpenClaw Odoo skill is classified as benign. It explicitly enforces read-only access to the Odoo ERP system through robust client-side method blocking in `src/connectors/odoo_client.py`, preventing any `create`, `write`, or `unlink` operations. All generated reports (PDFs, Excel, WhatsApp cards) are stored locally within the skill's `output/` directory, with no evidence of data exfiltration to unauthorized external endpoints. Network access is confined to the configured Odoo instance and a benign version check. Instructions in `SKILL.md` and `README.md` consistently promote safe agent behavior, emphasizing user confirmation and adherence to read-only policies. The use of `OpenClawIntelligence` for AI analysis is explicitly stated to be routed through the 'OpenClaw native local agent runtime', mitigating concerns about data leakage to third-party AI services.
能力评估
Purpose & Capability
The code and SKILL.md clearly implement an Odoo read-only reporting tool (connectors, report generators, visualizers) which fits the named purpose. However the registry metadata claims no required environment variables and 'instruction-only/no install spec', while the SKILL.md and code require ODOO_URL/ODOO_DB/ODOO_USER/ODOO_PASSWORD and include an install.sh and requirements.txt. This mismatch between claimed metadata and actual files is unexpected and prevents you from trusting the surface description alone.
Instruction Scope
SKILL.md instructs the agent to read credentials from assets/autonomous-cfo/.env, create a venv, and run local scripts; code enforces read-only Odoo methods. However SKILL.md also states 'Model invocation is DISABLED' while registry flags show disable-model-invocation: false (i.e., model invocation allowed). That policy contradiction matters because the skill handles sensitive financial data and the agent's runtime policy (user-invoked vs autonomous) affects risk. The instructions claim 'no exfiltration' and 'only connect to ODOO_URL', and I found no hardcoded external endpoints besides calls to the Odoo instance, but the mismatch in invocation policy and metadata is a scope/authority concern.
Install Mechanism
Installation is via a local install.sh that creates a Python venv and uses pip to install pinned PyPI packages from requirements.txt (requests, matplotlib, pillow, fpdf2, openpyxl). This is standard and lower-risk than arbitrary remote downloads, but the package installs write code to disk and will execute local Python scripts. The registry initially labeled the skill 'instruction-only' despite the presence of install.sh/setup.py — that's an inconsistency you should verify.
Credentials
The skill legitimately needs Odoo credentials (ODOO_URL, ODOO_DB, ODOO_USER, ODOO_PASSWORD) to connect and the code reads them from environment variables. That is proportionate to its purpose. However the skill metadata declared 'Required env vars: none' and 'Primary credential: none' which is false given both SKILL.md and src/connectors/odoo_client.py expect and validate those variables. The omission in metadata increases the risk a user will provide credentials without realizing they are required or how they are used. Also ODOO_PASSWORD is sensitive — the code sometimes places it in an Authorization header as a bearer token for JSON-2 calls (unusual but not necessarily malicious); you should confirm how your Odoo instance expects authentication.
Persistence & Privilege
The skill is not marked always:true (good) and is user-invocable. However SKILL.md claims model invocation is disabled to enforce explicit user invocation while the registry flags show model invocation is enabled. If the platform allows autonomous invocation while the skill has access to Odoo credentials (and features like AI anomaly analysis via an OpenClaw intelligence module), that increases blast radius. This combined with the metadata/README contradictions warrants caution.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install odoo-openclaw-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /odoo-openclaw-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.6
Odoo-Openclaw-Skill 2.0.6 Changelog - Added detailed security and privacy policies to documentation, including credential isolation, read-only enforcement, and output restrictions. - Clarified use of Odoo API keys for enhanced security, including setup instructions. - Expanded section on blocked (write) and allowed (read-only) methods, including explicit error handling for disallowed operations. - Introduced authentication backend options (XML-RPC and JSON-RPC), with configuration details. - Added README.md and SECURITY.md files for easier onboarding and compliance. - Updated and reorganized skill documentation for improved clarity, emphasizing user-invocation requirements and strict local data processing.
v2.0.5
Version 2.0.5 - Model invocation is now disabled per skill policy; the skill must be explicitly called by the user. - Updated documentation to reflect new invocation and security policy. - Added new documentation in assets/autonomous-cfo/README.md. - Removed obsolete logic file assets/autonomous-cfo/src/logic/openclaw_intelligence.py.
v2.0.4
**Changelog for odoo-openclaw-skill v2.0.4** - SKILL.md updated: condensed skill description, removing verbose language while retaining key usage and invocation instructions. - Description clarified to highlight core use cases and trigger keywords. - No code or functional skill logic changes; documentation only. - Example output formats and report types summarized for greater clarity. - Installation, required credentials, security, and reporting guidance remain unchanged.
v2.0.3
Version 2.0.3 (Odoo-Openclaw Skill) - Expanded the skill's applicability to all Odoo data queries, not just accounting; updated description to emphasize use for salesperson performance, customer analytics, orders, CRM, and inventory. - Enabled automatic skill invocation for any user request mentioning Odoo business entities (e.g., salesperson, invoice, customer, order). - Added a quick reference section listing common Odoo models and their use cases. - Changed invocation policy from user-only to automatic for relevant business queries. - Removed a legacy readme file (`assets/autonomous-cfo/README.md`) as part of documentation streamlining.
v2.0.2
**Security model and credential handling clarified; model auto-invocation disabled by default.** - Added a skill manifest file (`skill.json`). - Expanded documentation with a new "Security & Credentials" section, detailing required environment variables and secure setup. - Clarified that model invocation is disabled to prevent accidental exposure of financial data. - Outlined data handling scope, installation instructions, and enforced a strict read-only policy. - No functional changes to reporting rules or user flow.
v2.0.1
Major update with critical compliance, reporting, and visualization improvements: - Adds support for compliant financial statements (P&L, Balance Sheet, Cash Flow), using ledger-based (account.move.line) data instead of invoice summaries. - Automatically detects and applies company-specific accounting standards (IFRS, US GAAP, Ind-AS, UK GAAP, etc.) with local formatting. - Enforces strict rules: always ask clarifying questions, verify companies/periods/accounts, and never silently assume defaults. - Adds Excel export and output options (--output excel, --output all) alongside WhatsApp cards and PDF. - All reports now automatically include clear visualizations and charts by default, no prompting required. - Expanded and clarified methodology for handling Odoo equity accounts to ensure accurate, balanced financial statements.
v0.1.5
Major update: introduces modern, interactive Odoo financial reporting with multi-format output. - Adds 5 pre-built financial reports (health, revenue, aging, expenses, executive). - Launches an ad-hoc comparison report builder with flexible metrics. - Supports output as WhatsApp cards (1080x1080, dark theme), PDF (A4, light), or both. - Prompts user interactively for missing parameters (period, breakdown, output). - Enhances CLI with new report commands and richer options. - Removes legacy files; reorganizes and expands reporting, visualization, and validation modules.
v0.1.4
- Major documentation update: SKILL.md has been streamlined, clarified, and updated. - Inventory valuation added as a documented skill use case. - Hard rules, environment requirements, accuracy protocols, and output contracts have been updated for greater clarity and brevity. - README.md file removed; all usage and guidance are now consolidated in SKILL.md. - Concrete command examples and best practices condensed and reorganized for easier reference.
v0.1.3
**Hardens read-only policy and updates documentation.** - Adds enforcement at connector level to block mutation methods (`create`, `write`, `unlink`) for increased data safety. - Clarifies hard read-only rule and skill guardrails in SKILL.md. - Updates CLI and connector documentation for enhanced transparency. - Adds new README for improved onboarding and usability. - No changes to external APIs or workflows; safety and documentation focus.
v0.1.2
- Updated CLI entrypoints to use `python3 ./skills/odoo/assets/autonomous-cfo/src/tools/cfo_cli.py` for all commands. - Removed legacy scripts, old documentation, and test files for improved clarity and maintainability. - Added runtime environment file (`runtime_env.py`) for better environment management. - Updated documentation in SKILL.md and README.md to reflect new usage patterns, emphasizing reproducibility and direct Odoo RPC calls. - Refined requirements to streamline dependencies and align with updated architecture.
v0.1.1
Significant update: Introduces native JSON-2 (OpenClaw) backend, upgrades protocols, and enforces evidence-backed financial reporting. - Added support for Odoo JSON-2 API (OpenClaw) backend for Odoo 19+, retaining XML-RPC fallback. - Replaced Gemini AI flow with OpenClaw-native intelligence; all AI analysis is now advisory, not authoritative. - Enforced strict evidence and reproducibility protocols—every report requires method, scope, assumptions, and cross-checks. - Updated CLI commands and workflow documentation to reflect new backend options and operational guardrails. - Removed deprecated Gemini intelligence logic; added new OpenClaw intelligence module and test coverage. - Enhanced VAT and reporting accuracy standards, edge case handling, and delivery rules for financial artifacts.
v0.1.0
Initial release summary: Adds advanced Odoo financial intelligence features with audit, reporting, and analytics tools. - Provides financial audits, VAT reports, cash flow summaries, and trend analysis for Odoo via cfo-cli. - Enables AI-powered anomaly detection and natural language financial queries. - Supports workflows for summaries, VAT checks, visual trend charts, forensic audits, and direct question answering. - Includes detailed delivery guidelines for sharing charts, reports, and data exports in chat with summaries.
元数据
Slug odoo-openclaw-skill
版本 2.0.5
许可证
累计安装 4
当前安装数 3
历史版本数 12
常见问题

Odoo Reporting 是什么?

Query Odoo data including salesperson performance, customer analytics, orders, invoices, CRM, accounting, VAT, inventory, and AR/AP. Generates WhatsApp cards... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3515 次。

如何安装 Odoo Reporting?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install odoo-openclaw-skill」即可一键安装,无需额外配置。

Odoo Reporting 是免费的吗?

是的,Odoo Reporting 完全免费(开源免费),可自由下载、安装和使用。

Odoo Reporting 支持哪些平台?

Odoo Reporting 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Odoo Reporting?

由 ashrf-in(@ashrf-in)开发并维护,当前版本 v2.0.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论