Rivian Ls
v1.1.0Access Rivian vehicle telemetry (battery, range, charge state, locks, doors, tires, cabin temp, location) using the rivian-ls CLI tool. Use when the user ask...
⭐ 1· 173·0 current·0 all-time
byPaul Frederiksen@pfrederiksen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match behavior: the skill simply runs the rivian-ls CLI to fetch vehicle telemetry and formats the output. Bundled script and documentation align with that purpose; nothing in the files attempts to access unrelated services.
Instruction Scope
Runtime instructions and the script call only the rivian-ls CLI and operate on its JSON output. The SKILL.md recommends installing rivian-ls, authenticating (including providing email/password/OTP), using cron to refresh caches, and optionally exposing data via a server-side exec example; these are within the scope of providing telemetry but do recommend actions (storing cached credentials, adding cron jobs, exposing API endpoints) that have privacy implications.
Install Mechanism
The skill itself has no install spec and includes only a small Python script; it instructs users to install the rivian-ls CLI from its GitHub repo or via Homebrew (both reasonable). No downloads from obscure URLs or archive extraction are performed by the skill bundle.
Credentials
The skill metadata declares no required environment variables, which is reasonable because authentication is handled by the external rivian-ls CLI. SKILL.md does reference optional environment variables (RIVIAN_EMAIL, RIVIAN_PASSWORD) and filesystem cache (~/.config/rivian-ls/credentials.json); this is expected but means users must trust the rivian-ls credential cache. No unrelated credentials are requested.
Persistence & Privilege
The skill is not always-on and does not modify other skills or system-wide agent settings. The README suggests creating a cron job to refresh the rivian-ls cache, which is a user-level operational recommendation rather than the skill asserting elevated privileges.
Assessment
This skill is a thin wrapper around the third-party rivian-ls CLI and appears to do what it claims. Before installing: (1) Confirm you trust the upstream rivian-ls project (the SKILL.md links to github.com/pfrederiksen/rivian-ls). (2) Be aware that authenticating requires your Rivian credentials and an OTP; rivian-ls caches tokens at ~/.config/rivian-ls/credentials.json — treat that file as sensitive. (3) If you expose data via a web endpoint or add the suggested cron job, you may unintentionally publish live vehicle location/status to others; secure any server endpoints and cron outputs. (4) Note the tool uses an unofficial API and may break. If you want tighter control, avoid placing credentials in environment variables or public cron jobs and prefer manual or local-only usage.Like a lobster shell, security has layers — review code before you run it.
latestvk9737br1xtc2qc5m4catzgnsn583ewg9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.