ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Teslamate Grafana

Query TeslaMate vehicle data via Grafana API. Use when user wants Tesla vehicle status, battery info, drives, charges, or statistics. Requires Grafana runnin...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 28 · 0 current installs · 0 all-time installs
by@zengfei88
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code and instructions: the script posts SQL to Grafana's /api/ds/query to read TeslaMate data and provides drives/status/route utilities. Requiring a reachable Grafana with a TeslaMate PostgreSQL datasource is coherent.
!
Instruction Scope
The script and README direct the skill to call external services (Nominatim and OSRM) with live vehicle coordinates for reverse geocoding and routing. These external network calls transmit sensitive location data and are not blocked or anonymized. The code also disables SSL certificate verification for some requests (Nominatim and OSRM context), weakening TLS protections. The SKILL.md/README mention geocoding/OSRM, but do not clearly warn about the privacy implications of sending precise vehicle coordinates to third-party hosts.
Install Mechanism
Instruction-only skill with included Python script; there is no download-from-URL, no package installation, and nothing written to system-wide locations by an installer. Risk from install mechanism is low.
Credentials
The skill requests no environment variables or credentials. That is plausible for a local Grafana instance, but the script assumes the Grafana API is reachable without authentication. If your Grafana requires API keys or auth, the script provides no mechanism to supply them, which may require code changes. No unrelated credentials are requested.
Persistence & Privilege
always:false and no special persistence or system-wide changes are requested. The skill reads/writes a single config file under the OpenClaw workspace memory path, which is within its scope.
What to consider before installing
This skill appears to implement its stated purpose, but review these points before installing: (1) Privacy: the script will send your vehicle's coordinates to public Nominatim and OSRM endpoints for address lookups and routing — if you do not want location data leaving your network, do not use those features or replace them with self-hosted services. (2) TLS: the code disables SSL certificate verification for some external requests; consider re-enabling verification (remove CERT_NONE) to avoid MITM risk. (3) Grafana auth: the script posts raw SQL to Grafana and assumes the Grafana API is reachable without authentication; if your Grafana is protected, the script will need to be modified to send API keys/basic auth. (4) Inspect the full scripts yourself (the provided snippet appears truncated) and run in a controlled environment first. If you plan to use this on a production vehicle or network, prefer a local/self-hosted routing/geocoding service and tighten Grafana access controls.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk970rtk7zgtt3ra203zx81b1s1830ewz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

TeslaMate Grafana API Skill

Query TeslaMate data through Grafana's /api/ds/query endpoint using the PostgreSQL datasource.

Configuration

Grafana address is stored in ~/.openclaw/workspace/memory/teslamate-grafana-config.json:

{
  "grafana_url": "http://192.168.31.218:3000",
  "datasource_id": 1
}

To update address:

echo '{"grafana_url": "http://YOUR-GRAFANA:3000", "datasource_id": 1}' > ~/.openclaw/workspace/memory/teslamate-grafana-config.json

Usage

Python Script

Run scripts/query_teslamate.py with SQL query or built-in commands:

# Quick status
python3 scripts/query_teslamate.py --status
# Output: Battery: 10% | Range: 39.78 km | State: offline | Today: 14.55 km

# Recent drives (with address lookup)
python3 scripts/query_teslamate.py --drives 5
# Output: Table with time, start/end addresses, distance, duration

# Route planning (calculate distance, time, and energy estimate)
python3 scripts/query_teslamate.py --route "广州珠江新城"
# Output: Distance, duration, energy needed, arrival range, warning if low battery

# Raw SQL query
python3 scripts/query_teslamate.py "SELECT battery_level, date FROM positions ORDER BY date DESC LIMIT 1"

Available Queries

QueryDescription
SELECT battery_level, ideal_battery_range_km, date FROM positions ORDER BY date DESC LIMIT 1Current battery & range
SELECT state FROM states ORDER BY start_date DESC LIMIT 1Vehicle status (online/offline/driving/charging/asleep)
SELECT SUM(distance), SUM(duration_min) FROM drives WHERE start_date >= CURRENT_DATEToday's drives
SELECT id, start_date, end_date, distance, duration_min FROM drives ORDER BY id DESC LIMIT 5Recent drives
SELECT start_date, end_date, start_battery_level, end_battery_level FROM charging_processes ORDER BY start_date DESC LIMIT 1Last charge
SELECT * FROM carsVehicle info
SELECT * FROM settingsTeslaMate settings

Common Metrics

  • Battery: battery_level (0-100%), ideal_battery_range_km
  • Drive: distance (km), duration_min (minutes), speed_max, power_max
  • Charge: charge_energy_added (kWh), charger_power (kW), charger_voltage (V)
  • States: state = 'online'|'offline'|'driving'|'charging'|'asleep'|'updating'

API Details

  • Endpoint: {grafana_url}/api/ds/query
  • Method: POST
  • Content-Type: application/json
  • Datasource: PostgreSQL (TeslaMate)

Request body:

{
  "queries": [{
    "refId": "A",
    "datasourceId": 1,
    "rawSql": "YOUR SQL QUERY",
    "format": "table"
  }]
}

Response contains results in results.A.data.values.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…