Lovable MCP
Verdict: Suspicious
Audited by ClawScan on May 12, 2026.
Overview
This appears to be a real Lovable integration, but it asks for broad account write/deploy access and tells users to run missing credential-handling scripts, so it should be reviewed before use.
Install only if you intentionally want an agent to manage Lovable projects for you. Before use, review any setup scripts from a trusted source, connect the smallest suitable Lovable workspace, avoid broad production access, and require confirmation before deployment, deletion, database, or governance changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. A generic request to build an app could result in the agent creating or modifying Lovable projects without the user first choosing that provider.
   The skill directs the agent to use Lovable for broad, generic app-building requests, which may route work to an external MCP service even when the user did not explicitly request Lovable.
   Evidence (quoted from the skill's artifacts):
      Even if they just say "make me an app" or "build a dashboard for X" — if the Lovable MCP is connected, this skill applies.
   Recommendation: Require explicit user confirmation before using Lovable for generic app-building requests or before sending project details to the Lovable MCP server.

2. Mistakes or ambiguous prompts could delete or alter projects, deploy unintended changes, or change workspace governance settings.
   These are high-impact account and production actions. The visible artifact discloses the power but does not show clear approval, scoping, or rollback requirements for destructive or public-facing operations.
   Evidence (quoted from the skill's artifacts):
      Create, read, update, and delete Lovable projects ... Deploy projects to production ... Manage workspace-level governance
   Recommendation: Use explicit confirmations for create/delete/deploy/governance changes, limit actions to a named project/workspace, and prefer diff/review steps before applying changes.

3. A connected agent could keep access through refresh tokens and make broad changes to Lovable projects or workspace settings.
   The OAuth scope set grants persistent offline access plus broad project and workspace write privileges. That is purpose-aligned for a full Lovable automation integration, but it is powerful and not narrowly bounded in the visible artifact.
   Evidence (quoted from the skill's artifacts):
      `scope`: `offline projects:read projects:write projects:create workspaces:read workspaces:write`
   Recommendation: Use the least-privileged OAuth client available, connect only a test or intended workspace, and revoke tokens when the skill is no longer needed.

4. Users may need to trust unreviewed local scripts to process OAuth redirects and store refresh tokens.
   The reviewed package is described as instruction-only with no code files, but it tells users to run shell scripts that are not present in the supplied artifacts and that handle OAuth token exchange and storage.
   Evidence (quoted from the skill's artifacts):
      chmod +x scripts/*.sh ... bash scripts/lovable-oauth-setup.sh ... Save the tokens to `config/lovable-tokens.json`
   Recommendation: Do not run missing or external scripts unless their source is known and reviewed; the publisher should include the scripts, declare the install mechanism, and document token storage and cleanup.

5. Project details and commands may be sent to Lovable as part of normal use.
   The skill depends on an external MCP server. This is expected for the stated purpose, but it means prompts, project operations, and possibly project code flow through Lovable's service.
   Evidence (quoted from the skill's artifacts):
      Lovable provides a Model Context Protocol (MCP) server at `https://mcp.lovable.dev` that gives AI agents direct access
   Recommendation: Use only for projects you are comfortable managing through Lovable, and avoid sending secrets or sensitive source material unless your Lovable workspace policies permit it.
