Back to plugin

Security audit

ClawKit for Lovable

Security checks across malware telemetry and agentic risk

Overview

This looks like a broad but coherent Lovable.dev/OpenClaw workflow helper with no requested secrets or separate installer, though users should notice the bundled plugin code and package-name inconsistencies.

This skill is intended to let the agent coordinate Lovable.dev, GitHub, local code edits, browser checks, tests, MCP, and possible publishing workflows. That matches its description, but it is powerful in practice: only approve GitHub, deployment, billing, production, or destructive actions when you understand what will happen, and avoid sending secrets or private customer data to Lovable.dev or MCP tools. Also verify that you are installing the intended package, because the documentation and registry/package names do not fully match.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.