Tesla Commands

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Tesla control, but it gives an agent high-impact vehicle-control authority with weak safeguards and one under-documented schedule-deletion command.

Install only if you are comfortable giving the agent token-backed ability to read vehicle status and change Tesla settings. Protect the MyTeslaMate token like a credential, confirm the target VIN before use, and avoid using schedule-removal or other mutating commands unless you intentionally want the vehicle state changed immediately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (93% confidence)
Finding
The documentation exposes remote vehicle-control capabilities such as waking the car, changing climate, and modifying charging schedules without an explicit warning that these actions affect a real physical asset and may change state immediately. In this context, omission is dangerous because users may trigger commands casually or through automation without appreciating battery, privacy, availability, or safety consequences.

Missing User Warnings

Medium (90% confidence)
Finding
The skill requests a MyTeslaMate API token and vehicle VIN, both of which are sensitive account and asset identifiers, but provides no privacy or handling guidance. If exposed through logs, screenshots, prompts, or insecure storage, these values could enable unauthorized access to vehicle telemetry and remote-control functions tied to a specific car.

Missing User Warnings

Medium (79% confidence)
Finding
The script enables safety-sensitive remote vehicle actions and data access using ambient credentials from environment variables, but provides no warning, friction, or confirmation before executing commands. In an agent or automation context, this increases the chance of accidental vehicle control, privacy-impacting status retrieval, or unintended execution against the default VIN.

Missing User Warnings

High (93% confidence)
Finding
The remove_charge_schedule command performs an irreversible configuration deletion without any confirmation prompt, dry-run mode, or undo path. In an automated agent setting, a mistaken invocation or prompt-injection-driven action could silently delete charging schedules, causing operational disruption and user harm.

VirusTotal

64/64 vendors flagged this skill as clean.
