they are basically repurposed NTAG 424s

their only cloning measure is that the LNURL changes on every tap. but someone can tap your card and get multiple LNURLs + they are valid until a new payment is made by the original card (which makes all previous LNURLs invalid due to the counter)

they have no other security measures like PIN codes for high value payments, and the only limit you can put is per card

you don’t even get identification of the payee for payment history or per-payee spending limits for trusted shops