Tesla China
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill manages Tesla vehicle controls by routing sensitive API keys and commands through a third-party proxy (https://tesla.dhuar.com) instead of the official Tesla API. It stores credentials in the user's home directory (~/.tesla_cn.json) and transmits the apiKey as a plaintext query parameter in the URL, which is a significant security vulnerability that exposes vehicle access to the proxy operator and network logs. While the scripts (scripts/tesla-command.js and scripts/init-tesla-config.js) perform their stated functions, the architectural choice of using an unofficial intermediary for car telemetry and control poses a high risk of credential theft or unauthorized vehicle access.
