ClawKit Creative Studio for Lovable
PassAudited by ClawScan on May 12, 2026.
Overview
The skill appears to be a coherent marketing-launch planner that uses OpenClaw browsing and capture tools with approval gates, with no evidence of hidden exfiltration or destructive behavior.
This skill is reasonable to install if you want OpenClaw to help plan and create launch materials from your website or app. Before using it, decide which pages OpenClaw may inspect, use demo data for logged-in flows, avoid customer/admin/billing screens, and manually review Product Hunt or social drafts before publishing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved too broadly, OpenClaw could browse or capture screens the user did not intend to use in marketing materials.
The skill orchestrates powerful browsing and capture tools, which is central to its full-site marketing workflow and is not hidden.
Use OpenClaw's browser, screenshot, video, image-generation, and writing capabilities as appropriate.
Use demo data where possible, approve capture steps deliberately, and review screenshots or video notes before generating public assets.
Granting Product Hunt write access could allow launch drafts or submissions to affect a public account if later tools use that access.
Optional Product Hunt submission could involve account write authority, but the artifact explicitly frames it as user-approved and gated.
Only describe direct API submission as available when the user has approved Product Hunt write scope, user OAuth, secure server-side token handling, and a final human approval gate.
Prefer the human-reviewed Product Hunt handoff unless you intentionally want direct API submission and have reviewed the final draft.
Private dashboard, billing, customer, or secret-bearing screenshots could be accidentally reused in marketing outputs if included in the evidence set.
The skill’s workflow can turn captured app evidence into briefs and launch assets, so sensitive screen content needs explicit exclusion.
Do not capture or publish: Customer data. Secrets, tokens, API keys, or environment variables. Billing, payment, or admin screens.
Use a safe demo account, exclude admin/billing/customer data, and run the asset review before sharing or publishing any generated materials.