High-risk tools in Odoo Claude MCP
37 of the 180 tools in Odoo Claude MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- ai_invoice_pipeline_run (Execute): Execute the full registered step pipeline for one move+attachment.
- ai_pipeline_run (Execute): Execute an Odoo-defined pipeline (ai.pipeline.step records for the
- ai_pipeline_step_execute (Execute): Execute a single ai.pipeline.step by name via Odoo RPC.
- ee_deploy (Execute): Deploy EE from buffer to target (rsync). Buffered mode only.
- git_remote (Execute): Run git commands on a remote server via SSH.
- oca_deploy (Execute): Deploy OCA repos from buffer to target (rsync). Only in buffered mode.
- odoo_execute (Execute): Execute any model method via execute_kw.
- ssh_execute (Execute): Execute a command on a remote server via SSH.
- ai_invoice_plugins_reload (Execute): Reload plugin steps from the plugins directory (default
- ai_tokenize_collection (Execute): Tokenize ALL records of a model via the registry entry. Heavy operation —
- ee_clone (Execute): Clone Odoo Enterprise repository with GitHub token authentication.
- github_api (Execute): Call GitHub REST API directly. Uses the GitHub token from local_profile.json.
- google_auth (Execute): Authenticate with Google OAuth2 for Gmail and Calendar access.
- oca_changelog (Execute): Generate CHANGELOG from newsfragments using oca-towncrier.
- oca_clone_all (Execute): Clone all OCA repositories for a branch using oca-clone-everything.
- oca_clone_repo (Execute): Clone a specific OCA repository by name.
- oca_fix_website (Execute): Fix website URL in addon manifests using oca-fix-manifest-website.
- oca_gen_icon (Execute): Generate default OCA icon for addon(s) using oca-gen-addon-icon.
- oca_gen_readme (Execute): Generate README for an OCA addon using oca-gen-addon-readme.
- oca_gen_requirements (Execute): Generate requirements.txt from addon external_dependencies using oca-gen-external-dependencies.
- odoo_stock_initial_opening_journal (Execute): Book the opening-balance journal entry for a previous SQL-inserted initial stock
- odoo_translate_context_aware (Execute): Translate Odoo records using Claude with rich domain context for natural,
- odoo_web_call (Execute): Call any Odoo model method via web session (JSON-RPC /web/dataset/call_kw).
- odoo_web_request (Execute): Raw HTTP request to any Odoo controller URL via web session.
- proxy_call (Execute): Forward a tool call to an internal MCP sub-service.
- proxy_refresh (Execute): Re-discover tools from all internal MCP sub-services.
- telegram_auth (Execute): Authenticate with Telegram. Two-step process:
- ee_link (Execute): Create symlink for specific EE modules in the Odoo addons path (selective install).
- ee_update (Execute): Git pull Enterprise repository.
- google_gmail_send (Execute): Send an email or reply to an existing message.
- oca_link (Execute): Create symlink for OCA addon module in the Odoo addons path.
- oca_migrate (Execute): Migrate OCA repos to a new Odoo version branch using oca-migrate-branch.
- oca_update (Execute): Git pull all OCA repos in the working directory (recursive).
- odoo_stock_initial_import (Execute): Import opening stock balances (initial inventory) via direct SQL INSERT, bypassing
- odoo_web_login (Execute): Login to Odoo web interface with user/password. Creates a persistent
- open_connection_manager (Execute): Open the Connection Manager GUI (desktop app).
- telegram_send_message (Execute): Send a Telegram message. Chat can be @username, phone, or numeric ID.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.