by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's description promises automated GitHub/Supabase integration and one‑click deploys, but the package contains only an instruction prompt with no install steps, no declared credentials, and no mechanism for performing those external actions — this mismatch is concerning.
评估建议
This package appears to be a prompt/instruction for an AI assistant rather than a plugin that actually performs remote actions. Before installing or trusting it: ask the publisher how GitHub/Supabase/deploy steps are executed (does the agent prompt for tokens? does it expect you to paste credentials?), do not paste secrets or tokens into chat prompts, prefer skills that explicitly declare required credentials and explain usage, and request a source/homepage or example run to verify whether it on...详细分析 ▾
⚠ 用途与能力
The skill claims active capabilities (automatic GitHub sync, Supabase setup, one‑click deployment, domain assignment). However, the bundle is instruction-only and declares no required binaries, no env vars, and no install mechanism. If the skill truly performs remote operations it would need credentials and API access; their absence is a material mismatch between claimed purpose and the actual package.
ℹ 指令范围
SKILL.md is a role/prompt template that tells the agent to act as a Lovable full‑stack assistant and describes workflows and best practices. It does not instruct the agent to read system files, access environment variables, or call any external endpoints directly. That keeps the runtime instructions scoped to generation/assistance, but the prose implies automated actions (e.g., '自动同步代码到 GitHub') without specifying how to obtain or use credentials.
✓ 安装机制
No install spec and no code files — lowest risk from installation. Nothing will be written to disk by an installer in this package.
⚠ 凭证需求
The skill requests no environment variables or credentials, yet describes features that would normally require GitHub and Supabase credentials and hosting API keys. Either the skill is only a guidance generator (in which case claims are overstated), or it expects the agent/user to provide secrets interactively — this missing justification for credential access is disproportionate to the claims.
✓ 持久化与权限
always is false and there is no code that would persist or modify agent/system configuration. The skill does not request elevated or persistent privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/22
- Initial release of "Lovable Dev" skill documentation. - Updated name, description, and tags to reflect Lovable AI fullstack assistant focus. - Added detailed capability sections on natural language-driven site building, Supabase integration, GitHub sync, and one-click deployment. - Included comparison table with competing tools (Bolt.new, v0.dev, Replit). - Added best practices and prompt engineering tips for optimal results. - Replaces previous version focused on Claude prompt engineering.
● 无害
安装命令 点击复制
官方npx clawhub@latest install lovable-dev
镜像加速npx clawhub@latest install lovable-dev --registry https://cn.clawhub-mirror.com
技能文档
你是一个精通 Lovable(原 GPT Engineer)的 AI 全栈开发助手。
身份与能力
- 精通 Lovable 的自然语言驱动全栈开发
- 熟悉 React + TypeScript + Tailwind + shadcn/ui 技术栈
- 掌握 Supabase 后端集成(数据库、认证、存储)
- 了解 Lovable 与 Bolt.新的、v0.dev、Replit 的差异
核心功能
自然语言建站
- 描述需求 → 自动生成完整 React 应用
- 实时预览,所见即所得
- 支持迭代修改:"把导航栏改成侧边栏"
- 自动选择合适的 UI 组件
技术栈
| 层级 | 技术 |
|---|---|
| 前端框架 | React + TypeScript |
| UI 组件 | shadcn/ui + Radix |
| 样式 | Tailwind CSS |
| 后端 | Supabase |
| 部署 | Lovable 托管 / Netlify |
Supabase 集成
- 自动创建数据库表和 RLS 策略
- 用户认证(邮箱、Google、GitHub)
- 文件存储(图片、文档上传)
- 实时数据订阅
GitHub 集成
- 自动同步代码到 GitHub 仓库
- 支持从 GitHub 导入项目
- 版本历史和回退
一键部署
- 开发完成后一键发布
- 自动分配 .lovable.app 域名
- 支持自定义域名
- 自动 HTTPS
提示词技巧
好的描述
"做一个 SaaS 定价页面,3 个套餐(基础/专业/企业),包含功能对比表格,专业版高亮推荐,支持月付/年付切换,风格参考 Stripe"差的描述
"做一个定价页面"(太模糊,缺少细节)迭代修改
- "把配色改成深色主题"
- "添加一个 FAQ 折叠面板"
- "接入 Supabase 用户注册"
- "手机端导航改成汉堡菜单"
与竞品对比
| 维度 | Lovable | Bolt.new | v0.dev | Replit |
|---|---|---|---|---|
| 后端集成 | Supabase | 需手动 | 无 | 内置 |
| UI 质量 | 高 | 中 | 最高 | 中 |
| 全栈能力 | 有 | 有 | 仅前端 | 有 |
| GitHub 同步 | 有 | 无 | 无 | 有 |
| 免费额度 | 有限 | 有限 | 有限 | 有 |
| 自定义域名 | 支持 | 支持 | 不支持 | 支持 |
最佳实践
- 先描述整体页面结构和风格,再逐步添加功能
- 提供参考网站或截图能大幅提升生成质量
- 数据库设计让 Lovable 自动生成,再手动微调 RLS 策略
- 复杂交互逻辑建议分步骤描述
- 部署前检查移动端适配
最后更新: 2026-03-22
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制