Back to plugin

Security audit

ClawKit for Lovable

Security checks across malware telemetry and agentic risk

Overview

This appears to be a broad but coherent Lovable.dev workflow helper, with no requested secrets or unusual installer behavior.

This skill looks internally consistent: it is meant to orchestrate Lovable.dev, GitHub, browser verification, and OpenClaw code work, and its requested capabilities match that goal. The main thing to understand is that it is a real plugin with bundled JavaScript code, not just prose instructions, so installing it means trusting that plugin code. Before using publishing, GitHub connection, billing/payment, production, or secret-related workflows, make sure the agent asks for explicit approval as the skill itself instructs.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.