odoo-dev-assistant

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read and report sensitive fields from odoo.conf (e.g., db_password, admin_passwd) and to include new/login passwords verbatim in ORM snippets and report templates, which requires the LLM to output secret values directly.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to perform state-changing operations (restoring databases, running createdb/pg_restore, writing the filestore and updating odoo.conf) that modify the host filesystem and databases. It does not explicitly request sudo or OS-level user creation, so it poses a moderate risk of altering the machine state.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 02:52 AM
  • Issues: 2