pp-tesla
Provides a JSON-first CLI for Tesla owners to manage vehicle features, charging costs, and supercharger queues efficiently.
Install this skill
or
79/100
Security score
The pp-tesla skill was audited on Jun 6, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 421
Webhook reference - potential data exfiltration
SourceSKILL.md
| 421 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 423
Webhook reference - potential data exfiltration
SourceSKILL.md
| 423 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
low line 311
Access to hidden dotfiles in home directory
SourceSKILL.md
| 311 | tesla-http-proxy -key-file ~/.config/tesla-pp-cli/private.pem -port 4443 -cert auto & |
medium line 367
Access to hidden dotfiles in home directory
SourceSKILL.md
| 367 | Run `tesla auth login` and the CLI opens Tesla's real login page in your browser. Log in there (Tesla owns MFA, captcha, SMS codes - we never see them), Tesla redirects you to a 404 page on auth.tesla |
medium line 409
Access to hidden dotfiles in home directory
SourceSKILL.md
| 409 | Entries are stored locally at `~/.tesla-pp-cli/feedback.jsonl`. They are never POSTed unless `TESLA_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `TESLA_FEEDBACK_AUTO_SEND=true`. Default |
Scanned on Jun 6, 2026
View Security DashboardGitHub Stars 1.5K
Rate this skill
Categorysales
UpdatedJune 24, 2026
claudehermesfrontendexceldocxgitapidatabasetestingdevopsmobilebackendcustomer-success-managerproduct-marketergrowth-marketersalesmarketing
mvanhorn/printing-press-library