ClawHub

Tessie Tesla Control

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tessie/Tesla control integration, but users should treat its API key, location data, and vehicle commands as sensitive.

Install only if you trust this skill with your Tessie API key and understand it can reveal vehicle location and issue remote vehicle commands such as climate and charging actions. Store the API key as a secret, avoid sharing logs or screenshots that may include vehicle data, and review commands before allowing an agent to run them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The audit document makes contradictory security claims: it asserts there is no raw API error or response exposure, then later admits full API responses are still echoed for debugging. This kind of inaccurate assurance can cause unsafe deployment decisions and may normalize retaining debug output that exposes vehicle metadata or other sensitive API data.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document claims PII was scrubbed from all files and that no PII leaks remain, but it also acknowledges intentional address display and retained full-response debug output that may include vehicle metadata. This inconsistency is security-relevant because it understates residual privacy exposure and could mislead reviewers into approving a skill that still processes or displays sensitive location-related data.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script silently reads a Tessie API key and vehicle identifier from an unrelated local application config file under $HOME/.clawdbot/clawdbot.json. Even if intended as convenience, this expands the credential trust boundary and can cause the skill to access sensitive credentials and vehicle-control capabilities without explicit user awareness or consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises remote vehicle control and access to precise vehicle location without warning users about physical-world consequences, privacy exposure, or the sensitivity of these actions. In this context, commands can affect a real vehicle and reveal whereabouts, so omission of safety and consent guidance materially increases misuse risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup instructions tell users to store a Tessie API key but do not describe it as a highly sensitive credential with account-level access to vehicle telemetry and remote commands. If exposed through logs, config files, screenshots, or environment leakage, an attacker could monitor or control connected vehicles through the Tessie account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script retrieves a credential from a local config file without clearly disclosing that behavior to the user. In an agent skill context, hidden credential sourcing is risky because it can cause unintended use of stored secrets and vehicle access beyond what the operator explicitly supplied for this run.

Credential Access

High
Category
Privilege Escalation
Content
TESSIE_API_URL="${TESSIE_API_URL:-https://api.tessie.com}"
TESSIE_API_KEY="${TESSIE_API_KEY:-}"

# Get API key from clawdbot config if env not set
if [[ -z "$TESSIE_API_KEY" ]]; then
    CONFIG_FILE="$HOME/.clawdbot/clawdbot.json"
    if [[ -f "$CONFIG_FILE" ]]; then
Confidence
95% confidence
Finding
Get API key from

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal