Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lg Thinq Universal

v1.1.0

Universal LG ThinQ device setup and control. Discovers appliances and generates secure device skills.

by Utkarsh Tiwari (@utkarshthedev)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for utkarshthedev/lg-thinq-universal.

Install the skill "Lg Thinq Universal" (utkarshthedev/lg-thinq-universal) from ClawHub.
Skill page: https://clawhub.ai/utkarshthedev/lg-thinq-universal
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lg-thinq-universal

ClawHub CLI

npx clawhub@latest install lg-thinq-universal
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The SKILL.md and code clearly require LG PAT and country (LG_PAT, LG_COUNTRY) and perform device discovery, profile fetching, and generation of per-device skills — which is coherent with the declared purpose. However, the registry metadata at the top of the submission incorrectly lists no required environment variables or credentials; that mismatch (manifest vs runtime instructions/code) is an inconsistency that could mislead users about what secrets this skill needs and uses.
[!] Instruction Scope
SKILL.md prescribes agent actions that include network calls to LG APIs, file creation (skill directories, .env per-device), venv creation, and a mandatory ‘persistence’ step that writes trigger phrases/paths/command summaries to a global MEMORY.md. The instructions claim to require explicit ask_user permission but also say certain actions 'MUST' be performed 'immediately' (e.g., persisting to MEMORY.md). Writing to global memory and copying tools into ~/.openclaw/workspace/skills are beyond simple discovery and are noteworthy scope/privilege expansions that the user should explicitly approve.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md points to and the package includes setup.sh which will create a local venv and pip install dependencies from PyPI (requests, python-dotenv). Installing from PyPI is expected for a Python tool, but because setup.sh runs locally and extracts files/creates venvs, users should inspect setup.sh before running. No remote, opaque download URLs were shown in provided files, which reduces supply-chain risk compared to arbitrary remote binaries.
[!] Credentials
The environment variables required by the runtime (LG_PAT, LG_COUNTRY, and per-device LG_DEVICE_ID) are appropriate for interacting with the LG ThinQ API — that part is proportional. The inconsistency is that registry metadata didn't declare these required env vars. Also the skill will read LG_PAT from shell or project .env and uses it to contact LG servers; the SKILL.md asserts never to write PAT into generated device folders, but the scripts and templates do create .api_server_cache and per-device .env files (the latter intended to contain only LG_DEVICE_ID). Ensure generated files and copy operations truly do not contain PAT or otherwise expose it.
[!] Persistence & Privilege
The skill will create files under the user's skills workspace, create virtual environments, install dependencies, copy tools/constants, and — per SKILL.md and multiple reference docs — persist a summary into a global MEMORY.md (the skill's instructions say to 'MUST immediately' save trigger phrase, path, and command summary). Persisting this metadata to a global memory file is a privileged action (it writes to a global user artifact) and should be explicitly approved by the user. The skill is not always:true, and autonomous invocation is allowed (default), so combined with persistence this increases blast radius if misused; the SKILL.md does instruct prompting for consent, but the obligation to persist 'immediately' is worth flagging.
What to consider before installing
What to check and do before installing or running this skill:

- Registry vs runtime mismatch: The skill's registry entry claimed no required env vars, but SKILL.md and the code require LG_PAT and LG_COUNTRY. Treat LG_PAT as a sensitive secret — do not paste it into chat. Confirm the registry metadata with the publisher before proceeding.
- Inspect setup.sh and scripts locally before running: The package includes a setup.sh that will create a venv and pip install packages. Open setup.sh (and the scripts directory) and verify there are no unexpected remote downloads, obfuscated code, or commands that modify unrelated system paths before executing it.
- Review persistence behavior: The skill's workflow insists on writing generated skill files into your skills directory and saving a record to your global MEMORY.md. If you do not want these artifacts or metadata recorded, do not allow automatic persistence; insist that the agent ask for explicit approval each time and consider doing the assembly manually.
- Confirm that LG_PAT is never written to generated per-device folders: The SKILL.md repeatedly warns NOT to copy LG_PAT into device skill directories and says only LG_DEVICE_ID goes into per-device .env. After generation, inspect the new skill directories to confirm .env contains only LG_DEVICE_ID and that no file inadvertently contains the PAT.
- Network access and API keys: The included public constants (x-api-key, x-client-id) are non-secret and referenced in code; the only secret used is LG_PAT. Ensure you trust the skill owner to use your PAT only with LG ThinQ endpoints.
- Test in a safe environment first: If possible, run the setup and generation on a disposable account or isolated machine, or run the discovery steps without the '--confirm' flag to view the manifest and outputs first. When asked for confirmation, require the agent to show the exact file list and the MEMORY.md entry it proposes to write.
- If unsure, err on the side of caution: refuse automatic writing to global memory and require the agent to prompt for each network call and file-modifying action. If you want additional confidence, ask the skill author for a signed/published homepage or repo and a changelog, or have the code reviewed by a trusted developer.

Like a lobster shell, security has layers — review code before you run it.

MIT-0

LG ThinQ Universal Manager

🎯 Goal

Provide a secure, automated gateway for LG ThinQ device integration. This skill acts as a discovery engine and skill generator, allowing users to control their appliances via OpenClaw without duplicating sensitive credentials across multiple files.

📦 Supply Chain & Dependencies

For transparency and security, this skill performs the following automated installation steps:

  1. Python Virtual Environment: Created locally within the skill directory to ensure isolation.
  2. External Packages (via PyPI):
    • requests: Used for secure communication with the LG ThinQ API.
    • python-dotenv: Used for local management of the LG_DEVICE_ID.
  3. Network Access: The installation script connects to pypi.org to download these libraries.

🔑 Obtaining Credentials

If the user asks how to get their tokens, provide these instructions:

  1. Visit the Portal: https://connect-pat.lgthinq.com
  2. Log In: Use your official LG ThinQ account.
  3. Create Token: Click "ADD NEW TOKEN", give it a name (e.g., "OpenClaw"), and select the required features.
  4. Copy PAT: Copy the generated Personal Access Token (PAT) immediately.
  5. Identify Country: Use your 2-letter ISO country code (e.g., US, IN, GB).

🛠️ Prerequisites

The agent MUST ensure the following are set before proceeding:

  1. LG_PAT: Stored in shell environment or root .env.
  2. LG_COUNTRY: Stored in shell environment or root .env.

🔄 Agent Workflow (Mandatory)

Follow these steps in order when a user requests setup:

Step 1: Discovery

Run the automated discovery script. It validates configuration and prepares the device database.

Mandatory Safety Flow:

  1. Generate Manifest: Run ./setup.sh (without flags).
  2. Brief User: Present the Manifest and explain exactly what actions will be performed.
  3. Ask for Permission: Use ask_user to obtain explicit consent.
  4. Execute: Only after approval, run: ./setup.sh --confirm.

Step 2: Assemble Workspace

Review the output from Step 1. Present the discovered devices to the user. Once an ID is selected, move immediately to assembly:

  1. Generate Manifest: Run python3 scripts/assemble_device_workspace.py --id <DEVICE_ID> (without flags).
  2. Ask for Permission: Use ask_user to obtain consent for the file/directory operations.
  3. Execute: Run: python3 scripts/assemble_device_workspace.py --id <DEVICE_ID> --confirm.

Step 3: Document and Persist

After the assembly script completes, you MUST immediately:

  1. Analyze: Review the [AVAILABLE COMMANDS] and [ENGINE CODE] printed by the script.
  2. Consult Reference: Read references/api-reference.md for technical headers and control logic.
  3. Generate SKILL.md: Create the documentation in the new directory using references/device-skill-template.md as your guide.
  4. Persistence: Save the trigger phrase, skill path, and command summary into your global MEMORY.md.

⌨️ Universal Management Commands

Use these commands for maintenance and discovery:

| Command | Description | Use Case |
| --- | --- | --- |
| python scripts/lg_api_tool.py list-devices | List all linked appliances | Verify connectivity |
| python scripts/lg_api_tool.py save-route | Discover regional server | Fix "Route not found" errors |
| python scripts/lg_api_tool.py get-state <id> | Get raw device state | Deep debugging |
| python scripts/lg_api_tool.py --help | Show all API tool options | Explore advanced features |

🛡️ Security Mandates

  1. Zero-Leak Policy: NEVER ask the user to paste their LG_PAT into the chat.
  2. Credential Isolation: NEVER copy LG_PAT into generated device skill directories. Only LG_DEVICE_ID is permitted in those locations.
  3. Local-Only: All API communication must remain local.
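
A post-generation check for the Credential Isolation mandate, as an added example that is not part of the skill's own scripts: it walks a generated device skill directory, reports any file that contains the PAT value, and reports any per-device .env key other than LG_DEVICE_ID. The function names, directory names and file contents in demo() are constructed for illustration.

```python
import tempfile
from pathlib import Path

ALLOWED_ENV_KEYS = {"LG_DEVICE_ID"}  # per the Credential Isolation mandate


def audit_device_skill(skill_dir, pat):
    """Return (relative_path, problem) findings for one generated device skill."""
    root = Path(skill_dir)
    needle = pat.encode()
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        # 1. The PAT value must not appear in any generated file (caches, docs, scripts).
        if needle and needle in data:
            findings.append((rel, "contains LG_PAT value"))
        # 2. A per-device .env may define LG_DEVICE_ID and nothing else.
        if path.name == ".env":
            for line in data.decode("utf-8", "replace").splitlines():
                line = line.strip()
                if not line or line.startswith("#") or "=" not in line:
                    continue
                key = line.split("=", 1)[0].removeprefix("export ").strip()
                if key not in ALLOWED_ENV_KEYS:
                    findings.append((rel, f"unexpected key {key}"))
    return findings


def demo():
    """Build two constructed device skill directories and audit both."""
    pat = "thinqpat_CONSTRUCTED_0000"  # constructed placeholder, not a real token
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "lg-washer")  # hypothetical directory names
        leaky = Path(tmp, "lg-ac")
        for d in (clean, leaky):
            d.mkdir()
        (clean / ".env").write_text("LG_DEVICE_ID=constructed-device-1\n")
        (leaky / ".env").write_text(f"LG_DEVICE_ID=constructed-device-2\nLG_PAT={pat}\n")
        # Constructed cache content; the real cache format is not shown on this page.
        (leaky / ".api_server_cache").write_text(f'{{"auth": "Bearer {pat}"}}')
        return audit_device_skill(clean, pat), audit_device_skill(leaky, pat)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

When auditing a real directory, read the PAT from the environment (os.environ["LG_PAT"]) instead of passing it as a command-line argument, so the token does not end up in shell history.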

📚 References

| Document | Purpose |
| --- | --- |
| references/skill-creation.md | Detailed post-setup workflow for creating device skills |
| references/skill-generation-guide.md | Instructions for building device-specific SKILL.md files |
| references/manual-setup.md | Manual installation steps (without setup scripts) |
| references/api-reference.md | Technical details on API headers and control logic |
| references/device-example.md | Complete example of a generated device skill |
| references/public_api_constants.json | Public API keys and constants used by the scripts |

🚨 Error Handling

| Symptom | Resolution |
| --- | --- |
| 401 Unauthorized | Token expired. Guide user to https://connect-pat.lgthinq.com. |
| No devices found | Verify device is added to the official LG ThinQ App on mobile first. |
| Permission denied | The script should already be executable. If not, inform the developer. |
