Gprinter
v1.0.0Control and print text, barcodes, and QR codes on the Gprinter GP-C200V ESC/POS thermal printer via Node.js or command line.
⭐ 0· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (GP‑C200V printer helper) matches what the files do: building ESC/POS byte arrays and sending them over raw TCP or via an optional local HTTP bridge. Declared dependencies (iconv-lite) and the use of net/fetch are appropriate for encoding GBK and sending bytes to a network printer. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the scripts only instruct building ESC/POS commands, connecting to a printer IP:port, and (optionally) using a local HTTP bridge. The CLI can read a user-specified file (expected functionality). The helper contains an optional sendViaBridge() that POSTs to http://localhost:3000/send (used only if caller chooses it). Nothing in the instructions attempts to read other system secrets or external endpoints beyond the printer or local bridge. There are small implementation bugs/inconsistencies (e.g., inconsistent socket.connect argument order in different files) which may break runtime behavior but are not evidence of malicious intent.
Install Mechanism
This is instruction-only (no install spec). The package.json/package-lock declare a single dependency (iconv-lite) and package-lock points to an npm mirror — normal for Node projects. Because there is no install spec, the environment running these scripts must already provide Node and the dependency; the omission is an operational inconsistency (not a security issue) worth noting.
Credentials
The skill requests no environment variables or credentials. Network targets are limited to the configured printer IP/port (defaults to 192.168.50.189:9100) and an optional local bridge (localhost:3000). These are proportional to the printer use case. No secret-exfiltration vectors are declared or present.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not attempt to modify other skills or system-wide config. It performs network I/O only when its functions are called.
Assessment
This skill appears to be what it says: a Node.js/CLI helper for sending ESC/POS byte commands to a GP‑C200V printer. Before installing/running:
- Be aware it will open TCP connections to the configured printer IP/port (default 192.168.50.189:9100). Only run it in networks where that traffic is expected.
- The library has an optional HTTP bridge mode that POSTs command arrays to http://localhost:3000/send. That only matters if you run a local bridge; do not enable/start unknown services unless you understand them.
- No environment variables or secrets are required. The CLI can read any local file path you supply via --file (expected behavior) — avoid passing sensitive file paths to it.
- Operational notes: package.json lists iconv-lite but there is no install script; ensure your environment has Node and dependencies installed. There are minor code bugs (inconsistent socket.connect argument order and reliance on global fetch in sendViaBridge) that may prevent the scripts from working without small fixes.
If you trust the source and only intend to print to a known printer IP or use the local bridge intentionally, this skill is reasonably proportionate. If you do not trust the package source, review and run the contained JS files in a controlled environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk9766j7ps7f34xhk9vpdz45gc184pqy1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.