Is kaiofreitas/lg-thinq safe?
https://github.com/openclaw/skills/tree/main/skills/kaiofreitas/lg-thinq
The lg-thinq skill is a straightforward LG ThinQ appliance control tool with clean SKILL.md content, no prompt injection patterns, and no evidence of credential harvesting or data exfiltration. The primary concerns are an unconstrained 'raw' command that passes arbitrary JSON to device APIs (a legitimate power-user feature that becomes a risk surface if the agent context is hijacked), a stale developer lock.json accidentally committed to the repository, and the inherent sensitivity of controlling physical IoT devices with real-world consequences. All canary files remained intact throughout the audit and the skill's network activity was limited to LG's official API and GitHub.
Findings (6)
MEDIUM Unconstrained 'raw' command passes arbitrary JSON to device API -13
The 'raw' subcommand in thinq.py accepts sys.argv[3] directly as json.loads input and forwards it as a control payload to any device ID. If an agent were manipulated via prompt injection or a malicious user message, it could invoke this path to send crafted commands to LG appliances without the safety checks applied to named subcommands.
LOW Stale developer lock.json committed with foreign skill reference -8
The .clawhub/lock.json file was accidentally committed from the author's local development environment. It references '[email protected]' as an installed skill. This is a privacy/hygiene issue (leaks developer environment state) but has no active exfiltration mechanism — the file is static JSON with no install trigger.
LOW Skill controls physical IoT devices with real-world consequences -18
Unlike information-only skills, this skill can modify physical appliance settings (temperatures, modes). Malicious invocation or prompt injection leading to 'freezer-temp -24' or disabling eco/express modes could cause food spoilage or appliance damage. Risk is bounded to LG appliances the user has connected.
LOW API token transmitted to LG servers on every invocation -10
The Personal Access Token stored in ~/.config/lg-thinq/token is read and sent to LG's ThinQ Connect API on every command. This is expected and documented behavior, but users should be aware that token activity is visible to LG and that the token should be treated as sensitive.
INFO Pre-clone file access syscalls are audit infrastructure, not skill 0
Syscall records show .env, .ssh/id_rsa, .aws/credentials access at timestamps 1771953219.5xx — approximately 5 seconds before the git clone began (1771953224.894). Post-install accesses at 1771953235.878 align with the audit system's canary integrity verification sweep. Neither set is attributable to skill code.
INFO All honeypot files confirmed intact 0
Post-install monitoring confirms no canary files were modified or exfiltrated. The monitoring summary explicitly states all canary files intact.