tesla-cn Security Report — Low Risk | ClawSafe

15 /100

tesla-cn

面向中国特斯拉车主的远程控制技能，基于特斯拉官方车队 API（Fleet API）实现

A legitimate Tesla Fleet API client skill with no malicious behavior detected; moderate concerns around third-party proxy trust and API key in query parameters do not constitute active threat.

Skill Nametesla-cn

Duration45.4s

Enginepi

✓

Safe to install

Approve for use. Consider auditing the proxy at tesla.dhuar.com independently. Pin Node.js to v18+ and consider storing the API key in environment variables instead of ~/.tesla_cn.json for reduced disk exposure.

Findings 3 items

Severity	Finding	Location
Low	API key sent as URL query parameter Sensitive Access In buildRequest(), the apiKey is appended to the URL as a query string parameter rather than placed in an HTTP Authorization header. This exposes the key in server-side access logs, CDN logs, browser history, and proxy logs along the request path to tesla.dhuar.com. const fullUrl = `${PROXY_URL}${path}${separator}apiKey=${encodeURIComponent(apiKey)}`; → Use an Authorization header (e.g., Authorization: Bearer <apiKey>) instead of a query parameter. Update the proxy server to accept it in the header.	`scripts/tesla-command.js:134`
Low	Third-party proxy is a trust boundary with no independent audit Data Exfil All API requests — including the apiKey, VINs, vehicle data, and command payloads — are routed through the unaudited proxy at tesla.dhuar.com. The proxy has full visibility into every vehicle command and could log, modify, or redirect traffic. This is not declared as a risk in SKILL.md. `const PROXY_URL = "https://tesla.dhuar.com";` → Add a trust section to SKILL.md warning users that all traffic routes through this proxy. Provide guidance on how to verify or self-host the proxy if available.	`scripts/tesla-command.js:12`
Low	warranty_details endpoint missing from command registry Doc Mismatch SKILL.md documents a 'warranty_details' command (GET /api/1/dx/warranty/details) but tesla-command.js does not implement this endpoint in its config object, making the documented command unusable. `# 车辆保修信息（GET /api/1/dx/warranty/details）` → Either implement the endpoint in tesla-command.js or remove it from SKILL.md to avoid misleading users.	`SKILL.md:67`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	tesla-command.js:144-152 — fetch() to PROXY_URL
Filesystem	`WRITE`	`WRITE`	✓ Aligned	init-tesla-config.js:75 — fs.writeFileSync to ~/.tesla_cn.json; tesla-command.js…
Shell	`NONE`	`NONE`	—	No subprocess, exec, or shell invocation found
Environment	`NONE`	`READ`	✓ Aligned	tesla-command.js:88, init-tesla-config.js:56 — reads HOME/USERPROFILE only for p…
Skill Invoke	`NONE`	`NONE`	—	No child skill invocation found

1 findings

🔗

Medium External URL 外部 URL

https://tesla.dhuar.com

SKILL.md:16

File Tree

3 files · 15.2 KB · 581 lines

JavaScript 2f · 401L Markdown 1f · 180L

├─ ▾ 📁 scripts

│ ├─ 📜 init-tesla-config.js JavaScript 99L · 2.2 KB

│ └─ 📜 tesla-command.js JavaScript 302L · 7.5 KB

└─ 📝 SKILL.md Markdown 180L · 5.6 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`node (built-in)`	`18+`	runtime	No	Uses only built-in Node.js modules (fs, path, fetch). No external npm dependencies.

Security Positives

✓ No shell execution, subprocess, or arbitrary code execution found

✓ No base64-encoded payloads or obfuscation detected

✓ No access to sensitive paths such as ~/.ssh, ~/.aws, or .env

✓ API key is stored locally in a user-owned JSON file, not hardcoded

✓ No credential harvesting beyond the legitimate API key needed for service operation

✓ No persistence mechanisms (cron, startup hooks) or backdoors

✓ No evidence of data exfiltration to unrelated third parties

✓ No supply chain risks — no external npm dependencies, only built-in Node.js modules

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives