Tessie Tesla Control
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: tessie
Version: 2.0.3
The OpenClaw AgentSkills skill bundle for Tessie is classified as benign. The `SKILL.md` file provides clear, non-malicious instructions and usage examples without any prompt injection attempts. The `tessie.sh` script securely handles API keys, validates all user inputs, constructs JSON payloads safely using `jq -n --arg`, and makes API requests exclusively to `https://api.tessie.com` via `curl` with appropriate security flags. The `SECURITY_AUDIT.md` further confirms these secure practices, highlighting that minor PII exposure in error messages was addressed, and no other significant vulnerabilities were found. The skill's actions are entirely aligned with its stated purpose of controlling Tesla vehicles.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked accidentally or by an agent misinterpreting intent, the skill could change charging, climate, locks, windows, or trunks on a real vehicle.
The skill documents a broad remote vehicle command surface, including actions that can affect physical access and security, without accompanying confirmation or safety-boundary instructions.
POST https://api.tessie.com/{VIN}/command/{command} ... `lock`, `unlock`, `enable_sentry`, `disable_sentry` ... `activate_front_trunk`, `activate_rear_trunk` ... `open_windows`, `close_windows`, `vent_windows`
Require explicit user confirmation for security- or safety-sensitive vehicle commands, especially unlock, trunk, window, charging stop, and sentry-mode changes.
A Tessie API key can expose vehicle data and authorize vehicle commands; users may not notice this from the registry permission metadata alone.
The script sends the Tessie API key as a bearer token to the configured API URL; this credential use is central and high-privilege, but the registry metadata declares no primary credential or environment variables.
TESSIE_API_URL="${TESSIE_API_URL:-https://api.tessie.com}" ... -H "Authorization: Bearer $TESSIE_API_KEY" ... "${TESSIE_API_URL}${endpoint}"
Declare the Tessie API key and any supported API URL override in metadata, and document exactly what account and vehicle permissions the token grants.
Using this skill can reveal where the vehicle is and where it has recently traveled.
Vehicle location and drive history are purpose-aligned features, but they are sensitive personal data that may enter the agent conversation or logs.
- **Location**: Current vehicle coordinates ... - **Recent drives**: Last trips with distance, energy, locations
Use only in trusted conversations/workspaces and avoid sharing outputs that include coordinates or trip history.
Users could over-trust the skill based on bundled approval language rather than reviewing its actual permissions and behavior.
The package includes self-contained approval/security-audit claims. These may be useful context, but they should not be treated as independent verification, especially for a high-impact vehicle-control skill.
**Status**: ✅ APPROVED (with fixes) ... ✅ **APPROVED FOR USE** - Token can be added to config
Treat bundled audit claims as non-authoritative and rely on independent review plus clear permission declarations.
The skill may fail or behave inconsistently if those tools are missing, and users may not know the local command dependencies in advance.
The helper script depends on curl and jq, while the provided requirements list no required binaries. This is mainly an installation/operability declaration gap.
curl -s --fail --max-time 30 ... jq -r '.skills.entries.tessie.apiKey // empty'
Declare curl and jq as required binaries or document that the shell helper requires them.
