LMP Label Generator
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for generating label files locally, with optional cloud preview, but users should notice that cloud preview can upload label contents and the README has some confusing stale API-key references.
This skill appears safe for local label generation. Keep config.apiEndpoint empty if you want local-only use. If you enable cloud preview, use only the official trusted HTTPS endpoint and remember that label data may contain personal or business information. Ignore the stale API-key references unless the current skill configuration actually asks for a key.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Each label request will save a .lmp file locally, which may contain product, shipping, barcode, or other sensitive label details.
The skill directs filesystem writes on every use. This is purpose-aligned for generating label files and includes path-sanitization guidance, but it still creates local files automatically.
write the file immediately to the user's Downloads folder using only the sanitized name
Review the saved file name and contents, and avoid putting secrets or unnecessary personal data into labels.
If cloud preview is enabled, label contents—including possible names, addresses, product details, or barcodes—leave the local environment.
When config.apiEndpoint is set, the skill sends the generated LMP label data to that endpoint for a preview link. The behavior is disclosed and optional, but it is an external data flow.
每次生成标签时技能会向该地址发送本次生成的 LMP 数据
Leave apiEndpoint empty for local-only use; if enabling preview, use only a trusted HTTPS endpoint and avoid uploading sensitive label data unnecessarily.
Users may be confused about whether they need to provide an API key or secret for this skill.
The README repeatedly says the preview mode requires no API key, but later includes API-key setup and troubleshooting text. This looks like stale or inconsistent documentation rather than demonstrated credential use.
No API key required ... Check that config.apiKey is filled in the skill configuration
Do not add API keys unless the current skill configuration explicitly requires them; for the provided artifacts, the declared configuration uses apiEndpoint and frontendUrl only.