Security audit
ClawKit for Lovable
Security checks across malware telemetry and agentic risk
Overview
This appears to be a broad but coherent Lovable.dev workflow helper, with no requested secrets or unusual installer behavior.
This skill looks internally consistent: it is meant to orchestrate Lovable.dev, GitHub, browser verification, and OpenClaw code work, and its requested capabilities match that goal. The main thing to understand is that it is a real plugin with bundled JavaScript code, not just prose instructions, so installing it means trusting that plugin code. Before using publishing, GitHub connection, billing/payment, production, or secret-related workflows, make sure the agent asks for explicit approval as the skill itself instructs.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
