ClawHub

Tesla Fleet API

v1.5.2

Use when integrating with Tesla's official Fleet API to read vehicle/energy device data or issue remote commands (e.g. start HVAC preconditioning, wake vehic...

1· 3.1k·10 current·11 all-time
byOliver Drobnik@odrobnik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Tesla Fleet API) match the requested binaries (python3, openssl) and required env vars (TESLA_CLIENT_ID, TESLA_CLIENT_SECRET). The included scripts implement OAuth flows, vehicle data reads, and signed command proxying as described.
Instruction Scope
SKILL.md and the scripts' logic stay on-topic: they read/write config.json/auth.json/vehicles.json/private-key.pem in a documented workspace, run a local callback server for OAuth, and call Tesla Fleet / auth endpoints. There are no instructions to read unrelated system secrets or to send data to unexpected external hosts.
Install Mechanism
This is instruction-only (no automated installer). The proxy requires installing a Go binary (github.com/teslamotors/vehicle-command/cmd/tesla-http-proxy) via 'go install' per SETUP.md — a normal step but a supply-chain consideration (you should pin/verify the proxy release before installing). No arbitrary remote archive downloads are performed by the skill itself.
Credentials
Only TESLA_CLIENT_ID and TESLA_CLIENT_SECRET are required; other env vars and files (access/refresh tokens, domain, private key) are optional or clearly documented. Requested credentials align with the described OAuth flows and proxy usage.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or global agent settings. It writes only its own state (config/auth/vehicles/places/proxy TLS) in the workspace; tokens and the private key are stored locally (scripts try to set private permissions).
Assessment
This package appears to be a genuine Tesla Fleet API CLI. Before installing: (1) only provide TESLA_CLIENT_ID / TESLA_CLIENT_SECRET that you created for your own Tesla developer app; do not paste these into untrusted locations; (2) the tool asks you to generate and store an EC private key (private-key.pem) and will keep OAuth tokens in auth.json—store these files in a secure workspace and ensure file permissions are restrictive; (3) the signed-command proxy requires installing a Go binary from github.com/teslamotors — verify the exact version and source before running to reduce supply-chain risk; (4) confirm the Fleet/auth base URLs and domain names match official Tesla endpoints you expect (the repo uses fleet-auth.prd.vn.cloud.tesla.com / fleet-api.prd.* hosts); and (5) review SETUP.md and start_proxy.sh to ensure the workspace detection and file paths match where you want these secrets stored. If you are uncomfortable with storing keys/tokens in the detected workspace, run the scripts with an explicit --dir pointing to a secured directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk975svjq663fxx5d8ckf4j752d83w253

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚗 Clawdis
Binspython3, openssl
EnvTESLA_CLIENT_ID, TESLA_CLIENT_SECRET

Comments