Tesla China

Security checks across malware telemetry and agentic risk

Overview

This Tesla vehicle-control skill is not overtly malicious, but it should be reviewed because it can issue real vehicle commands while storing and transmitting the vehicle API key in risky ways.

Install only if you trust both the local machine and tesla.dhuar.com with Tesla vehicle-control access. Treat ~/.tesla_cn.json as a secret file, restrict its permissions, avoid shared or backed-up systems, rotate the key if it has already been sent in URLs, and require explicit user approval before any command that affects the physical vehicle.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The script writes an API key to a persistent file in the user's home directory, which creates a long-lived secret on disk without setting restrictive file permissions or warning the user about the sensitivity of the data. If the host is shared, backed up insecurely, or other local processes can read the file, the credential could be exposed and used to access Tesla Fleet API functionality.

Missing User Warnings

Severity: Medium
Confidence: 98%

Finding: The script appends the API key to the request URL as a query parameter, which can expose the secret in logs, proxy histories, browser/network tooling, monitoring systems, and upstream server access logs. Because this skill controls vehicles through a proxy service, leakage of the key could enable unauthorized access to sensitive vehicle data or remote vehicle actions.

VirusTotal

66/66 vendors flagged this skill as clean.