Mova Bridge

Security checks across malware telemetry and agentic risk

Overview

MOVA Bridge appears purpose-built for business workflow automation, but it needs review because it can send sensitive documents, business records, connector credentials, and billable actions to a remote service with incomplete consent and disclosure controls.

Review before installing in any real business environment. Use only limited, revocable MOVA and connector credentials; confirm the API endpoint; avoid configuring LLM/OCR keys unless intended; and require explicit user approval before invoice or other sensitive workflow processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The module docstring asserts that no contracts, policies, or runtime logic are stored locally, but the file clearly embeds multiple local step definitions, prompts, template IDs, and policy references. This is a deceptive or inaccurate security-relevant claim that can mislead reviewers and operators about where business logic resides, reducing scrutiny of embedded workflow behavior.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
This skill exposes broad workflow orchestration across invoices, procurement, trading, AML, and complaints, allowing a single bridge to initiate sensitive business processes and transmit regulated or high-impact data to a remote API. In a low-transparency skill with no metadata and extensive remote delegation, this expands the attack surface and increases the risk of inappropriate data handling, unintended actions, or use outside the operator's expectations.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises tools that can execute contracts, incur billing, and expose organization execution history, but it does not prominently warn users about financial cost, sensitive data access, or privacy implications. In an agent-skill context, this omission increases the chance that users or autonomous agents invoke high-impact actions without informed consent or proper guardrails.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup flow explicitly instructs the agent to display the newly issued API key to the user, but provides no guidance to treat it as a sensitive credential, avoid logging it, or minimize its exposure. This creates a real secret-handling weakness because API keys can be exposed in chat history, screenshots, shared sessions, or downstream logging systems, enabling unauthorized use of the MOVA account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to start invoice processing immediately with no confirmation means the agent may transmit invoice contents to an external service as soon as an image is sent or loosely referenced. Because invoices commonly contain sensitive financial and personal data, this bypasses an important consent and privacy checkpoint and can lead to unintended disclosure or processing.

Missing User Warnings

Medium
Confidence: 97%
Finding
The invoice-processing tool explicitly instructs the agent to run immediately without confirmation, causing the provided invoice URL to be sent to the remote MOVA API as soon as invoked. Because invoices commonly contain financial and personal data, bypassing confirmation undermines user consent and can trigger unreviewed transmission of sensitive documents to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.
