Tesla Control via Tessie

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent sensitive real-world Tesla control powers without enough built-in safety boundaries.

Install only if you want an agent to have a Tessie API key that can read your Tesla status and location and issue commands such as unlock, trunk open, charging, climate, and software updates. Store the key in a secret manager or tightly protected environment, verify the VIN before commands, require explicit confirmation in your workflow for physical actions, and enable the cron job only if you want recurring Tessie checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 97%
Finding: The skill documents use of environment variables and outbound network access to a vehicle-control API, but the skill declares no permissions. That mismatch can undermine user and platform trust because the skill can access sensitive credentials and send remote commands without explicit permission disclosure.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding: The script exposes software update scheduling and cancellation commands that are not disclosed in the skill description. Hidden control capabilities are dangerous because users and platform reviewers may authorize the skill for benign-seeming vehicle status/control tasks without realizing it can alter software update behavior on a real vehicle.

Missing User Warnings

Medium
Confidence: 92%
Finding: The documentation advertises highly sensitive actions such as unlocking doors, opening trunks, revealing precise location, and controlling charging/climate without clear warnings, confirmation requirements, or safety guidance. In this context, the skill directly interfaces with a real vehicle, so misuse could expose location privacy, enable unauthorized physical access, or cause unsafe remote actions.

Missing User Warnings

Medium
Confidence: 95%
Finding: The documentation recommends persisting the Tessie API key in shell profiles without warning that profile files may be readable by other local users, backed up, synced, or accidentally exposed through dotfile sharing. Because the API key grants remote access to Tesla data and commands, credential exposure could lead to account compromise and unauthorized vehicle control.

Missing User Warnings

Medium
Confidence: 96%
Finding: The script directly executes high-impact real-world vehicle commands such as unlock, climate changes, trunk opening, charging changes, and software update actions without any confirmation or safety interlock. In an agent context, ambiguous prompts, prompt injection, or accidental invocation could trigger physical-world effects on a user's vehicle immediately.

Missing User Warnings

Medium
Confidence: 84%
Finding: The skill retrieves and prints precise vehicle location data without any user-facing privacy warning, minimization, or confirmation step. In an agent environment this increases privacy risk because location may be surfaced, stored, or shared in contexts where the user did not fully appreciate the sensitivity of the data.

VirusTotal

66/66 vendors flagged this skill as clean.
