Auto.dev – Automotive Data

Review

Audited by ClawScan on May 10, 2026.

Overview

This documentation-only Auto.dev helper is coherent, but users should notice that it uses OAuth/API keys, can make paid API calls, and documents global CLI/MCP setup.

Before installing, be comfortable with connecting an Auto.dev account, protecting any API key or OAuth login, and approving cost-bearing API calls. If you run the optional npm/MCP setup, verify the @auto.dev/sdk package source and confirm which AI tools are being configured.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can create billable Auto.dev API usage, especially for batch exports, enrichments, and plate-to-VIN lookups.

Why it was flagged

The skill can drive paid API workflows, including higher-cost build and plate lookup calls, but the artifact also instructs agents to estimate costs and confirm larger charges.

Skill content

Always warn before using Build ($0.10/call) or Plate ($0.55/call) ... If estimated cost > $1, ask for explicit confirmation

Recommendation

Review estimated costs before approving bulk or paid endpoint calls, and require explicit confirmation for plate lookups, build data, or any larger batch operation.

What this means

Anyone or any agent with access to the configured token or key may be able to make Auto.dev requests against the user's account.

Why it was flagged

The skill uses an Auto.dev API key or OAuth login, which is expected for the service but grants account access for API calls.

Skill content

AUTODEV_API_KEY: Optional — only needed for Direct API usage. CLI and MCP use OAuth via `auto login` instead.

Recommendation

Store the API key only in secret environment/config storage, avoid pasting it into chat, use OAuth only with trusted tools, and monitor Auto.dev usage.

What this means

Running the documented setup depends on the external @auto.dev/sdk package and can modify local AI-tool configuration.

Why it was flagged

The skill documents installing and running an external npm package that is not included in the provided artifacts, including a global/MCP setup path.

Skill content

To install: `npx @auto.dev/sdk mcp install` (installs globally and configures Claude Code, Claude Desktop, Cursor, Windsurf, VS Code Copilot, Cline, Zed).

Recommendation

Install only from the trusted Auto.dev package source, consider pinning a reviewed version, and review the npm package separately before running global or MCP install commands.

What this means

After setup, multiple AI tools may continue to have access to Auto.dev MCP capabilities until the configuration is removed.

Why it was flagged

The documented setup can persistently register Auto.dev MCP tooling with multiple agent applications, making the integration available beyond a single chat session.

Skill content

`auto mcp install` ... Auto-configures the MCP server in Claude Code, Claude Desktop, and Cursor in one step.

Recommendation

Check which AI applications were configured, keep only the ones you intend to use, and remove the MCP configuration when it is no longer needed.