Back to skill

Security audit

LG ThinQ

Security checks across malware telemetry and agentic risk

Overview

This LG ThinQ skill mostly matches its appliance-control purpose, but it needs Review because it exposes an under-documented raw command that can send arbitrary control payloads to real devices.

Install only if you trust the publisher and are comfortable giving an agent control over your LG ThinQ appliances. Protect the token file, verify the thinqconnect dependency before installing it, and avoid the raw command unless you personally review the target device and exact JSON payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation and detected capabilities indicate it can read/write local files and access the network, yet it declares no permissions. That weakens user transparency and consent, making it easier for a skill to handle credentials and control external devices without clear disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose frames the skill as limited appliance control, but the underlying behavior reportedly includes listing all account devices, generic status lookup for arbitrary device IDs, and sending raw JSON control commands. This broader control surface materially increases risk because users may authorize the skill expecting narrow functions while it can issue more powerful or less-audited commands to physical devices.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill exposes a `raw <device> <json>` command that accepts arbitrary JSON and forwards it directly to `async_post_device_control` with no allowlist, schema validation, or scope restriction. This bypasses the manifest’s implied limited appliance controls and enables any state-changing operation supported by the ThinQ API, including commands the user or orchestrator may not expect.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code resolves any device ID or alias from the cached ThinQ device list and then submits arbitrary control payloads to that device, allowing control beyond the described fridge/washer/dryer/AC-focused operations. In a skill context, this scope mismatch is dangerous because safety and policy controls may rely on the manifest’s narrower declared behavior.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This skill can change temperatures, modes, and other settings on physical appliances, but the description does not warn that actions may alter real-world device behavior. Missing this disclosure can lead users to invoke commands without appreciating safety, food storage, energy use, or equipment impacts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup instructions direct users to store a personal access token in a local file without emphasizing that it is a sensitive credential. That increases the chance of accidental exposure through weak file permissions, shell history, backups, or user misunderstanding of the token's power over connected appliances.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The raw control path performs immediate state-changing operations on physical devices without any warning, dry-run, or user confirmation. Because this skill controls real appliances, unintended or maliciously prompted commands could alter temperatures, modes, or other device behavior with real-world consequences such as spoilage, energy waste, or operational disruption.

Credential Access

High
Category
Privilege Escalation
Content
## Setup

1. Get a Personal Access Token from https://connect-pat.lgthinq.com
2. Store token: `echo "YOUR_TOKEN" > ~/.config/lg-thinq/token`
3. Store country code: `echo "MX" > ~/.config/lg-thinq/country`
Confidence
78% confidence
Finding
Access Token

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.