Tesla China
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned, but it gives a third-party Tesla proxy/API key high-impact control over a real vehicle without strong credential or approval safeguards.
Before installing, confirm you trust tesla.dhuar.com and understand that this skill can control a real Tesla. Protect the ~/.tesla_cn.json API key, avoid exposing VIN/location responses, and require manual confirmation before any physical vehicle command.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or too freely by an agent, the skill can affect a real car and people nearby.
The script allowlists the physical vehicle-control POST commands but then executes them directly, including locking the doors and opening the trunk, with no explicit confirmation step in the code.
door_lock: { url: '/api/1/vehicles/{vin}/command/door_lock', method: 'POST' ... }, ... actuate_trunk: { url: '/api/1/vehicles/{vin}/command/actuate_trunk', method: 'POST' ... } ... const res = await fetch(request.url, request.options);
Require explicit user confirmation before every physical vehicle command, especially trunk, horn, charge port, climate, or lock actions.
Anyone with access to that key, or to logs containing the request URL, may be able to control or query the vehicle through the proxy.
The skill reads a persisted API key from the user's home directory and appends it to requests sent to the Tesla proxy service; that key appears to authorize vehicle data access and commands.
const raw = fs.readFileSync(configPath, 'utf8'); ... return parsed.apiKey.trim(); ... const fullUrl = `${PROXY_URL}${path}${separator}apiKey=${encodeURIComponent(apiKey)}`;
Use only if you trust the proxy operator, protect ~/.tesla_cn.json, avoid logging command URLs, rotate the key if exposed, and ensure the skill metadata declares the credential requirement.
VINs, vehicle status, and possibly location-related data may be visible to the proxy service.
Vehicle data and command traffic flow through a third-party gateway domain, while the artifacts do not describe that gateway's operator, retention, logging, or data boundary.
const PROXY_URL = "https://tesla.dhuar.com"; ... vehicle_data: { url: '/api/1/vehicles/{vin}/vehicle_data', method: 'GET', requiresVin: true }
Review the proxy's privacy/security terms before use and avoid requesting or sharing raw vehicle_data output unless necessary.
A user could assume they are only interacting with Tesla, when the skill actually depends on a separate service for credentials and requests.
The documentation emphasizes the official Tesla Fleet API while also requiring an API key from a non-Tesla domain; users may not realize the practical trust boundary includes that third-party service.
Implemented on top of Tesla's official Fleet API ... an `apiKey` obtained from `https://tesla.dhuar.com`
Clearly disclose the role of tesla.dhuar.com, whether it is a proxy, what access it receives, and why it should be trusted.
Installers may not see the real runtime and credential requirements until reading the skill file.
The registry metadata does not declare the Node.js runtime or API-key credential that SKILL.md requires, and there is no homepage/source provenance for a high-impact vehicle-control integration.
Source: unknown; Homepage: none; Required binaries (all must exist): none; Primary credential: none
Update metadata to declare Node.js, the API-key credential, config path, external service, and a verifiable project homepage/source.
