Voice Vehicle Control Assistant (语音车辆控制助手)
Advisory
Audited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misunderstood or overly autonomous command could start or stop the vehicle, unlock it, or open windows without the user expecting that exact action.
The skill is designed to create or execute commands that physically change the vehicle state, including engine, locks, and windows. The artifacts do not require explicit confirmation for every high-impact state-changing action.
Basic controls: vehicle start/engine off, unlock/lock, open/close windows, sunroof/sunshade
Require explicit user confirmation for all state-changing vehicle commands, show a summary before execution, and enforce safety checks such as parked/stationary state, authenticated user presence, and easy cancellation.
If granted broad vehicle-account access, the agent may be able to control the vehicle and read sensitive vehicle status such as location or speed.
The protocol expects a bearer token for the vehicle API, while the registry metadata declares no primary credential or required environment variables. That leaves the vehicle-account permission boundary and token handling unclear.
"Authorization": "Bearer {token}"
Declare the required vehicle credential, use least-privilege scoped tokens, limit access to a specific vehicle and permitted actions, avoid logging tokens, and document revocation and reauthorization steps.
One mistaken scene activation could change navigation, climate, seats, lights, locks, or windows in sequence, including delayed actions after the initial request.
A single scenario phrase can trigger multiple vehicle operations. Several example scenarios use on_failure continue and delayed commands, which can compound the impact of a misrecognized or unsafe request.
Scene mode allows the user to trigger multiple vehicle control operations with a single command.
Preview all scenario actions before running them, require confirmation for scenes, make safety-relevant failures stop the sequence by default, and provide a clear way to cancel pending delayed commands.
