Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Carsxe

v1.0.3

Access the full suite of CarsXE vehicle data APIs — VIN decoding, license plate lookup, market value, vehicle history, safety recalls, lien/theft checks, OBD...

by Omar Walied @0marwalied

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 0marwalied/carsxe.

Install the skill "Carsxe" (0marwalied/carsxe) from ClawHub.
Skill page: https://clawhub.ai/0marwalied/carsxe
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install carsxe

ClawHub CLI

npx clawhub@latest install carsxe

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description match the instructions and reference material: the skill is a wrapper for CarsXE vehicle-data endpoints (specs, plate decode, history, recalls, OBD, OCR, etc.). That capability set is coherent for the stated purpose. However, the registry metadata lists no required environment variables/primary credential while SKILL.md explicitly requires a CarsXE API key — a metadata/instruction mismatch.
Instruction Scope
SKILL.md prescribes calling CarsXE REST endpoints and chaining queries (plate → VIN → specs/history). It does not direct the agent to read unrelated system files, other env vars, or external endpoints beyond api.carsxe.com. It does instruct sending image URLs for OCR to the API — expected for the feature but sensitive because it sends user images/PII to the external service.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk or downloaded at install time. That reduces install-time risk.
Credentials
SKILL.md requires the user to supply a CarsXE API key for every request, but the registry metadata declares no required env vars or primary credential. The skill will need a secret (API key) to function; the absence of a declared credential is an inconsistency that affects how the platform will handle key storage and permissions. Also, because the API handles VINs/plates and images, any supplied key will grant access to potentially sensitive personal data; ensure the key is scoped/limited and stored securely.
Persistence & Privilege
Flags show no always:true and default autonomous invocation is allowed (platform default). The skill does not request persistence or system-wide config changes in its instructions.
What to consider before installing
This skill appears to be a straightforward CarsXE API client, but note two things before installing: (1) Metadata omits the required API key — ask the publisher or the registry how the key will be provided and stored (do not paste your key into public chat). The skill's instructions expect you to supply the CarsXE key at runtime; confirm whether the platform will store it securely as a secret/env var. (2) The skill sends VINs, license plates, and image URLs to api.carsxe.com (sensitive PII). Confirm you trust CarsXE and the skill owner, check the official CarsXE docs and domain, and prefer limited/rotatable API keys. If you need stronger assurance, request the publisher add explicit required env var metadata and a privacy statement describing how keys and uploaded images are handled.

latest vk977a987b45vcjncatrr5n66hn83zp7z
159 downloads
0 stars
4 versions
Updated 3w ago
v1.0.3
MIT-0

CarsXE Skill

CarsXE provides a REST API for comprehensive vehicle data. All endpoints are at https://api.carsxe.com and require an API key passed as ?key=YOUR_API_KEY.

API Key setup: The user must have a CarsXE API key from https://api.carsxe.com/dashboard/developer. If no key is configured, ask the user to provide it before making any API calls.

See references/api-reference.md for full endpoint details, parameters, and response formats.


Quick API Map

User intent | Endpoint | Parameters
--- | --- | ---
Decode a VIN / get specs | GET /specs | vin
Decode a license plate | GET /platedecoder | plate, country (required), state (optional)
Market value | GET /marketvalue | vin
Vehicle history report | GET /history | vin
Vehicle images | GET /images | make, model + optional filters
Safety recalls | GET /recalls | vin
Lien & theft check | GET /lientheft | vin
International VIN | GET /internationalvin | vin
Year/Make/Model lookup | GET /ymm | year, make, model, optional trim
OBD code diagnosis | GET /obd | code
VIN OCR from image | POST /vinocr | imageUrl in JSON body
Plate OCR from image | POST /platerecognition | imageUrl in JSON body

Workflow

1. Authenticate

Always confirm or ask for the API key before making requests. The key is passed as a query param:

https://api.carsxe.com/specs?key=USER_API_KEY&vin=WBAFR7C57CC811956

2. Choose the right endpoint

Match the user's query to the table above. When context is ambiguous:

  • VIN provided → prefer /specs first, then chain to other endpoints as needed
  • Plate provided → use /platedecoder to resolve VIN, then chain if needed
  • Make/Model/Year only → use /ymm or /images
  • OBD code (P/C/B/U + digits) → use /obd
  • Image URL provided → use /vinocr or /platerecognition (POST)

3. Chain requests when helpful

A common power workflow: plate → VIN → specs + history + recalls in parallel. Example: "Is this plate stolen and does it have open recalls?"

  1. GET /platedecoder → extract VIN
  2. In parallel: GET /lientheft + GET /recalls

4. Present results

Format output clearly with sections per API call. Use Markdown tables or lists for specs, highlight important findings (open recalls, theft records, salvage titles) prominently.


Error Handling

HTTP Status | Meaning | Action
--- | --- | ---
401 / invalid key | Bad or missing API key | Ask user to check their key
404 / no results | VIN/plate not found in database | Inform user, suggest double-checking
429 | Rate limit exceeded | Wait and retry, inform user
5xx | Server error | Retry once, then report error

Always check the error field in JSON responses — CarsXE sometimes returns HTTP 200 with an error body.
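
An added example, not part of the CarsXE skill or its reference files: a sketch of the request handling that the workflow and error table above imply. Because the key travels in the query string, the URL is masked before it reaches a log or transcript, and a 200 response is still checked for an error body. The function names, the returned action labels, the sample key and the assumption that errors appear as a truthy top-level "error" field are illustrative.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE = "https://api.carsxe.com"
# GET endpoints from the Quick API Map (the two OCR endpoints use POST).
GET_ENDPOINTS = {"specs", "platedecoder", "marketvalue", "history", "images",
                 "recalls", "lientheft", "internationalvin", "ymm", "obd"}


def build_url(endpoint, key, **params):
    """Build a GET URL; urlencode() keeps user input from adding parameters."""
    if endpoint not in GET_ENDPOINTS:
        raise ValueError(f"endpoint not in the API map: {endpoint!r}")
    return f"{BASE}/{endpoint}?" + urlencode({"key": key, **params})


def redact(url):
    """Mask the key value so the URL can go into logs or a chat transcript."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "key" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def classify(status, body_text):
    """Map a response to the action listed in the Error Handling table."""
    if status == 401:
        return "ask_user_to_check_key"
    if status == 404:
        return "not_found"
    if status == 429:
        return "wait_and_retry"
    if 500 <= status <= 599:
        return "retry_once_then_report"
    try:
        body = json.loads(body_text)
    except ValueError:
        return "report_error"
    # Assumption: an error shows up as a truthy top-level "error" field.
    if isinstance(body, dict) and body.get("error"):
        return "report_error"
    return "ok" if status == 200 else "report_error"


if __name__ == "__main__":
    url = build_url("recalls", "CONSTRUCTED-KEY", vin="1C4JJXR64PW696340")
    print(redact(url))                                   # key masked
    print(classify(200, '{"error": "constructed"}'))     # HTTP 200, error body
```
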


Examples

"What are the specs for VIN WBAFR7C57CC811956?"
  GET https://api.carsxe.com/specs?key=KEY&vin=WBAFR7C57CC811956

"Decode California plate 7XER187"
  GET https://api.carsxe.com/platedecoder?key=KEY&plate=7XER187&state=CA&country=US

"What's my car worth? VIN WBAFR7C57CC811956"
  GET https://api.carsxe.com/marketvalue?key=KEY&vin=WBAFR7C57CC811956

"Does this car have any recalls? 1C4JJXR64PW696340"
  GET https://api.carsxe.com/recalls?key=KEY&vin=1C4JJXR64PW696340

"My check engine light shows P0300"
  GET https://api.carsxe.com/obd?key=KEY&code=P0300

"Extract the VIN from this photo: https://example.com/vin.jpg"
  POST https://api.carsxe.com/vinocr?key=KEY with body {"imageUrl":"https://example.com/vin.jpg"}


Reference Files

  • references/api-reference.md — Full parameter lists, response field descriptions, and edge cases for all 11 endpoints. Read this when you need exact field names or want to use optional filters.
