Openclaw Lifx
v1.0.1Control LIFX smart lights via natural language. Toggle, set colors/brightness, activate scenes, create gradients on multi-zone devices.
⭐ 0· 746·0 current·1 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (LIFX control) match the scripts and README. The skill legitimately needs a LIFX API token and uses the LIFX HTTP API. Minor inconsistency: the registry metadata lists no required binaries, but the README and scripts expect curl, jq, and python3 (and the Python code requires the requests library).
Instruction Scope
SKILL.md instructs the agent to run the included scripts (setup.sh, lifx-api.sh, scene-status.py) and to use the LIFX API. The scripts only call the LIFX API endpoints (api.lifx.com) and read/write local skill files (.lifx-token, SKILL.md). There are no instructions to read unrelated system files or send data to other external endpoints.
Install Mechanism
No install spec (instruction-only) and all runtime code is included in the skill bundle — no network installs or archive extraction. This is low-risk from an install-mechanism perspective.
Credentials
Only LIFX_TOKEN is required (declared and used). The token is used exclusively to authenticate to the LIFX API. No unrelated credentials or environment variables are requested.
Persistence & Privilege
Not set to always:true and does not modify other skills. However, setup.sh persists your token to a local file (.lifx-token) and rewrites SKILL.md to include your device context (room names, group IDs, scene UUIDs). This is expected for the stated functionality but is persistent storage of sensitive info and device metadata.
Assessment
This skill appears to do what it says: it uses your LIFX token to call the official LIFX API and manage lights. Before running setup.sh, review the scripts (they are included) and be aware that setup.sh will save your token to .lifx-token in the skill directory and generate a SKILL.md containing your room names, group IDs, and scene UUIDs. Recommendations: (1) Use a dedicated LIFX personal access token (revokable) rather than a long-lived account credential. (2) After setup, consider whether you want the token stored on disk; if not, remove .lifx-token and export LIFX_TOKEN at runtime. (3) Ensure your system has curl, jq, python3, and the Python requests package installed — the metadata did not declare these dependencies. (4) The scene-status.py file has an absolute Python shebang (/storage/venv/bin/python3) but the scripts invoke python3 explicitly; you can run it with your system python3 to avoid the hardcoded path. (5) Only install this skill in environments you trust, since SKILL.md will contain readable device and scene identifiers that could reveal household device topology if the skill directory is shared or backed up.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💡 Clawdis
EnvLIFX_TOKEN
latest
LIFX Light Control
Control LIFX smart lights via the LIFX HTTP API through natural language.
References
lifx-api.sh— Bash wrapper for all LIFX API callsscene-status.py— Scene matching and active detectionsetup.sh— Device discovery and skill configuration
Configuration
Set your LIFX API token (get one at https://cloud.lifx.com/settings):
bash setup.sh <your-token>
This discovers your lights, groups, and scenes, then generates a personalized SKILL.md with your device context.
Device Context
Run
bash setup.sh <your-token>to populate this section with your lights, rooms, and scenes. The setup script queries the LIFX API and rewrites this file with your personal device context.
Location: (not configured)
Rooms and Lights
(populated by setup.sh)
Scenes
(populated by setup.sh)
Multi-zone Devices
(populated by setup.sh)
How to Control Lights
Discover lights
bash lifx-api.sh discover
Shows all lights organized by room with power state, color, and brightness.
Toggle lights on/off
bash lifx-api.sh toggle <selector>
Selectors:
- Individual light:
id:<light_id> - Group/room:
group_id:<group_id> - All lights:
all
Set light state (color, brightness, power)
bash lifx-api.sh state <selector> '{"power":"on","color":"blue","brightness":0.75,"duration":1.0}'
Color formats:
- Named:
red,blue,green,white,warm white,purple,orange - Hex:
#ff6b35 - Kelvin:
kelvin:2700(warm) tokelvin:6500(cool daylight) - HSB:
hue:240 saturation:1.0
Always include "power":"on" and a brightness value when setting colors, or lights with brightness 0 will stay invisible.
Activate a scene
bash lifx-api.sh scene <scene_uuid>
Toggle a room
bash lifx-api.sh group-toggle <group_id>
Multi-zone gradients (Beam / Strip devices)
Multi-zone devices support individually addressable zones. Create gradients by setting different zone ranges:
bash lifx-api.sh state 'id:<light_id>|0-4' '{"power":"on","color":"purple","brightness":1.0,"duration":1.0}'
bash lifx-api.sh state 'id:<light_id>|5-9' '{"power":"on","color":"red","brightness":1.0,"duration":1.0}'
The pipe character in zone selectors is automatically URL-encoded by the script.
Check scene status
python3 scene-status.py all # Show all active scenes
python3 scene-status.py check <uuid> # Check specific scene
List current light states
bash lifx-api.sh list # Full JSON
bash lifx-api.sh groups # Summary by room
Behavior Guidelines
- When user says a room name, match it to the group IDs in the device context above.
- Default brightness to 1.0 (100%) when setting colors unless user specifies otherwise.
- Default duration to 1.0 seconds for smooth transitions.
- For "turn off" commands, use
{"power":"off"}— don't toggle (toggling is ambiguous). - For "turn on" commands, use
{"power":"on","brightness":1.0}to ensure visibility. - When asked about what's on/what scene is active, use the scene-status tool or discover command.
- Be conversational about results: "Done, bedroom is now blue at 75%" not "API returned 207".
Comments
Loading comments...