SenseCraft HMI Web Content Generator

This skill is coherent with its stated purpose, but take these precautions before using it: - Review the server.js and wizard.js files locally (they are included) so you understand what will be written and served; the init script will create files under {baseDir}/data and run npm install express when invoked. - The skill's workflow recommends exposing http://localhost:19527 (with a token query) to the public internet using tunnels (ngrok, frp, Cloudflare Tunnel). Exposing a local service has real risk: anyone who obtains the tokenized URL can view the page and any files you serve. Only publish if you understand and accept that exposure and rotate/regenerate tokens if needed. - Prefer secure tunneling configuration: use authenticated tunnels, restrict origins where possible, and avoid forwarding ports that allow access to other local services. Do not use TCP tunnels that might expose other ports. - The init script uses npm to install express and uses child_process.execSync; run these scripts in a controlled environment and inspect output before executing. If you do not want files created on disk, do not run init_project.js. - The SKILL.md suggests using pm2 but does not install it — installing global process managers requires elevated privileges and should be done intentionally. - If you intend to use any text-to-image model integration mentioned in the docs, confirm that your OpenClaw instance or environment is configured securely and that any generated images are stored only in the intended data/public/images/ directory. - If you are unsure, run the skill in an isolated machine/container or review the code with someone who knows Node.js. If you want tighter security, avoid exposing the service publicly and use local previews only.