Back to skill
Skillv0.1.1
VirusTotal security
Teslamate Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:35 AM
- Hash
- adefd75fee3171c52a9be11ac5109a0ff9ea9c0361d8544694f0e2ee656632c6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: teslamateskills Version: 0.1.1 The skill bundle provides extensive vehicle monitoring capabilities but contains significant security vulnerabilities and high-risk behaviors. Specifically, `scripts/query_teslamate.py` explicitly disables SSL certificate verification (using `ssl.CERT_NONE`) when connecting to external geocoding (Nominatim) and routing (OSRM) APIs, exposing the agent to Man-in-the-Middle (MITM) attacks. Furthermore, the script allows for the execution of arbitrary SQL queries against the configured Grafana datasource and transmits vehicle location data to third-party services (openstreetmap.org and project-osrm.org). While these functions align with the stated purpose of the skill, the combination of disabled transport security and broad database access poses a meaningful risk to the user's environment.
- External report
- View on VirusTotal