Tessie Tesla Control

v2.0.3

Control and monitor your Tesla vehicles via Tessie API for battery, climate, charging, drives, location, and vehicle state management.

by Aanish Bhirud (@baanish)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md both describe a Tessie-based Tesla control skill (vehicle status, climate, charging, drives), so the capability matches the name. However, the registry metadata claims no required env vars or config paths, while SKILL.md and the script clearly expect a TESSIE_API_KEY and read a Clawdbot config (~/.clawdbot/clawdbot.json). The script also depends on external binaries (jq, curl) that are not declared. The omission in the metadata is inconsistent and should be corrected.
!
Instruction Scope
SKILL.md and the bundled script instruct the agent to call Tessie endpoints using an API key and to auto-detect vehicle info from the user's Clawdbot config. The script reads the user's ~/.clawdbot/clawdbot.json to extract the API key and vehicle id/VIN. Some error branches print raw API responses (e.g., 'Response: $RESULT'), which can contain PII/location/vehicle metadata. There are also references to functions or checks in the script that appear undefined/truncated (e.g., validate_number, get_vehicle_id), suggesting the script may be buggy. Together these expand the agent's data access beyond what the registry metadata declares.
Install Mechanism
This is an instruction-only skill with a bundled script; there is no install spec that downloads external code. No remote installs or archives are used, which reduces installer risk.
!
Credentials
The skill requires an API key for Tessie (TESSIE_API_KEY) and optionally a vehicle id; SKILL.md asks users to set the key via environment or the Clawdbot config. Yet the registry lists no required environment variables and no config path requirements. The script reading the Clawdbot config could access unrelated stored data (potentially other credentials) if the config contains them. The requested credential is reasonable for the claimed purpose, but the lack of declaration and the script's file access are disproportionate and risky.
!
Persistence & Privilege
The skill is not always-on and can be invoked by the agent, which is normal. However, the script reads the user's agent config (~/.clawdbot/clawdbot.json) to obtain credentials/vehicle info; that gives it access to a file which may contain other keys or metadata. While it appears to extract only specific fields with jq, the code path that reads the file is not declared in metadata, and debug output may leak API responses. This elevated file access without explicit declaration is a privilege concern.
What to consider before installing
What to check before installing:

- Metadata mismatch: The skill bundle/metadata did not declare required environment variables or config paths, but SKILL.md and tessie.sh expect TESSIE_API_KEY and read ~/.clawdbot/clawdbot.json. Treat that mismatch as a red flag and ask the author to correct the metadata.
- Config access: The script reads your Clawdbot config file. Verify that this file does not contain other credentials you don't want the skill to access, or ask for a version that accepts the API key via a single dedicated environment variable only.
- Potential PII leakage: Some error branches print full API responses (Response: $RESULT). Ask the maintainer to remove this output or gate it behind a --verbose flag to avoid leaking location/vehicle metadata.
- Missing declarations and deps: The script uses jq and curl (and possibly other helper functions referenced but not defined). Ensure those tools are available and request a complete, syntax-checked script (some functions like validate_number/get_vehicle_id appear undefined in the provided fragment).
- Test in isolation: If you decide to proceed, run the skill in a sandboxed environment or with a limited/test Tessie account and review network traffic and stdout to confirm no unexpected data exfiltration.

If the author cannot (or will not) correct the metadata, remove debug prints, and confirm precise file access, consider classifying this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97721maqq4htyqsk50bj6hres7z76zm
