Mova Bridge

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: Medium Confidence
ASI03: Identity and Privilege Abuse
What this means

If the user already has LLM_KEY set for some other service, the bridge may silently forward that credential to MOVA, giving MOVA access to the key and to whatever spending authority is attached to it.

Why it was flagged

The code can read a generic non-MOVA LLM credential from the environment and put it into outbound MOVA request headers, while the registry metadata declares no credentials and the README environment table does not document LLM_KEY.

Skill content
LLM_KEY         OpenRouter key for AI steps. ... `llm_key = os.environ.get("LLM_KEY", "")` ... `h["X-LLM-Key"] = llm_key`
Recommendation

Document this credential clearly, use a MOVA-specific variable name, require explicit opt-in before forwarding third-party LLM keys, and explain exactly where the key is sent.

What this means

Sensitive invoice images or invoice data could be sent for processing, and possibly billed, before the user sees a price or data-sharing confirmation.

Why it was flagged

The HITL invoice instruction conflicts with the skill's stated no-exceptions price-confirmation rule and may cause immediate external processing of invoice content without an explicit confirmation step.

Skill content
`mova_hitl_start` | User sends an invoice image or says "process invoice" — call immediately, no confirmation needed ... **Always show price before executing.** No exceptions
Recommendation

Require the same price and external-processing confirmation for invoice workflows as for mova_execute, or clearly document why invoice processing is exempt.

What this means

Users may believe their data is going to one MOVA host while the bridge actually sends it to another by default.

Why it was flagged

The documented default API destination does not match the code's actual default endpoint, which matters because credentials and sensitive task inputs are sent to that service.

Skill content
README: `MOVA_API_URL` ... Default ... `https://mova-api.fly.dev`; server.py: `_DEFAULT_API_URL = "https://api.mova-lab.eu"`
Recommendation

Align the README, registry metadata, and code default endpoint, and show the configured endpoint during setup.
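The two findings above (an undocumented generic LLM_KEY forwarded in request headers, and a code default endpoint that differs from the documented one) share one root cause: the user never sees where the credential goes. The following is an added example written for this review, not code from the Mova Bridge skill or from ClawScan. It shows the flagged pattern next to a hardened form that reads a MOVA-specific variable, requires explicit opt-in, attaches the key only to an allowlisted MOVA host, and reports the resolved endpoint at setup. The names MOVA_LLM_KEY and MOVA_FORWARD_LLM_KEY, the single documented default, and the host allowlist are assumptions for the example, not names the skill defines.

```python
"""Added example (not the Mova Bridge project's own code).

Resolve the MOVA endpoint explicitly and forward an LLM key only on explicit
opt-in, only to a host the user was shown.  MOVA_LLM_KEY, MOVA_FORWARD_LLM_KEY,
DOCUMENTED_DEFAULT_API_URL and ALLOWED_MOVA_HOSTS are assumptions.
"""
from urllib.parse import urlparse

# Assumed single documented default.  The report quotes README and server.py
# disagreeing (mova-api.fly.dev vs api.mova-lab.eu); a resolver that prints
# its result is what makes such a mismatch visible to the user.
DOCUMENTED_DEFAULT_API_URL = "https://api.mova-lab.eu"
# Hosts a MOVA credential may ever be sent to (assumption for the example).
ALLOWED_MOVA_HOSTS = {"api.mova-lab.eu", "mova-api.fly.dev"}


def resolve_api_url(env):
    """Return (endpoint actually used, where it came from)."""
    configured = env.get("MOVA_API_URL", "").strip()
    if configured:
        return configured.rstrip("/"), "MOVA_API_URL (environment)"
    return DOCUMENTED_DEFAULT_API_URL, "built-in default"


def build_headers_legacy(env):
    """The pattern the scan flagged: a generic LLM_KEY intended for another
    service is picked up and forwarded unconditionally.  Contrast only."""
    h = {"Content-Type": "application/json"}
    llm_key = env.get("LLM_KEY", "")
    if llm_key:
        h["X-LLM-Key"] = llm_key
    return h


def build_headers(env, api_url):
    """Hardened form: MOVA-specific variable, explicit opt-in, host allowlist."""
    h = {"Content-Type": "application/json"}
    key = env.get("MOVA_LLM_KEY", "")
    opted_in = env.get("MOVA_FORWARD_LLM_KEY", "").lower() in ("1", "true", "yes")
    if not (key and opted_in):
        return h  # a stray LLM_KEY for another service is never touched
    host = urlparse(api_url).hostname or ""
    if host not in ALLOWED_MOVA_HOSTS:
        raise ValueError(f"refusing to send MOVA_LLM_KEY to unexpected host {host!r}")
    h["X-LLM-Key"] = key
    return h


def setup_summary(env):
    """What a setup step should show so the user sees where data and keys go."""
    url, source = resolve_api_url(env)
    headers = build_headers(env, url)
    return {
        "endpoint": url,
        "endpoint_source": source,
        "llm_key_forwarded": "X-LLM-Key" in headers,
    }


if __name__ == "__main__":
    # Constructed environments for the demonstration.
    generic = {"LLM_KEY": "sk-or-key-for-another-service"}
    print(build_headers_legacy(generic))   # flagged: key leaks into MOVA headers
    print(setup_summary(generic))          # hardened: key is not forwarded
    opted = {"MOVA_LLM_KEY": "mova-key", "MOVA_FORWARD_LLM_KEY": "1",
             "MOVA_API_URL": "https://mova-api.fly.dev/"}
    print(setup_summary(opted))            # forwarded, and the endpoint is shown
```

The setup summary is the piece a user can actually verify against the README: if the endpoint it prints is not the one documented, the mismatch is caught before any task input is sent.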

What this means

Customer, transaction, invoice, or business-review details may be processed by MOVA and related external connectors.

Why it was flagged

The skill discloses that MOVA executions may call external data sources, which is purpose-aligned for AML/KYB/business review tasks but means user-provided business data may cross additional service boundaries.

Skill content
It will query 2 external data sources during execution ... "The agent checked sanctions databases and the company registry"
Recommendation

Use only the minimum necessary inputs, confirm the external data sources before execution, and review MOVA's privacy and retention terms.
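The invoice finding and the external-data-source finding above both come down to the same control: every tool that ships user content outside the agent should pass one confirmation step that states the price, the external sources that will be queried, and the data classes being sent, with no tool exempted. The following is an added example written for this review, not code from the Mova Bridge skill or from ClawScan. The tool names mova_execute and mova_hitl_start are the ones the skill exposes; the quote fields, the price, the source names and the payload are constructed for the demonstration and are assumptions about what a quote from MOVA would contain.

```python
"""Added example (not the Mova Bridge skill's own code).

One confirmation gate for every external execution, invoice intake included:
quote() records what will be sent and at what price, present() renders the
text the user must see, execute() runs only against a confirmed, single-use
token.  minimize() drops fields the task does not need before quoting.
Quote fields and sample values are assumptions for the demonstration.
"""
import secrets
from dataclasses import dataclass, field


def minimize(payload, needed):
    """Keep only the fields the task needs; everything else never leaves."""
    return {k: payload[k] for k in needed if k in payload}


@dataclass
class Quote:
    tool: str
    price: str
    external_sources: list
    payload: dict
    token: str = field(default_factory=lambda: secrets.token_hex(8))


class ConfirmationGate:
    # Tools that send user content to MOVA (names from the skill).  There is
    # deliberately no "no confirmation needed" list: invoice intake via
    # mova_hitl_start is treated exactly like mova_execute.
    EXTERNAL_TOOLS = {"mova_execute", "mova_hitl_start"}

    def __init__(self):
        self._pending = {}   # token -> Quote awaiting confirmation
        self.log = []        # audit trail of what was actually executed

    def quote(self, tool, price, external_sources, payload, needed_fields):
        if tool not in self.EXTERNAL_TOOLS:
            raise ValueError(f"unknown tool {tool!r}")
        q = Quote(tool, price, list(external_sources), minimize(payload, needed_fields))
        self._pending[q.token] = q
        return q

    @staticmethod
    def present(q):
        """Text shown before anything is sent: price, sources, data classes."""
        sources = ", ".join(q.external_sources) or "none"
        return (f"{q.tool}: price {q.price}; will query {len(q.external_sources)} "
                f"external source(s): {sources}; sends fields: "
                f"{', '.join(sorted(q.payload))}. Confirm? [y/N]")

    def execute(self, tool, token, run):
        """Run only with a matching confirmed quote; the token is single-use."""
        q = self._pending.pop(token, None)
        if q is None or q.tool != tool:
            raise PermissionError(f"{tool}: no confirmed quote for this call")
        self.log.append(("executed", tool, q.price, tuple(q.external_sources)))
        return run(q)


if __name__ == "__main__":
    gate = ConfirmationGate()
    # Constructed invoice intake: the image plus fields the model extracted.
    invoice = {"image": b"<jpeg bytes>", "vendor": "ACME GmbH",
               "amount": "1200.00", "employee_home_address": "not needed"}
    q = gate.quote("mova_hitl_start", "EUR 0.40",
                   ["sanctions database", "company registry"],
                   invoice, needed_fields=["image", "vendor", "amount"])
    print(gate.present(q))
    # Only after the user answers "y" does the bridge present the token.
    print(gate.execute("mova_hitl_start", q.token, lambda q: f"sent {len(q.payload)} fields"))
```

The gate does not decide whether invoice processing is worth the price; it only guarantees that the decision is made by the user, with the same information the skill already promises for mova_execute.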

What this means

It may be harder to verify that the package being installed is the same one that was reviewed.

Why it was flagged

The artifacts show inconsistent version identifiers, and the registry source/homepage fields are incomplete even though pyproject lists GitHub URLs.

Skill content
Registry Version: 1.0.0; pyproject.toml: `version = "0.6.0"`; __init__.py: `__version__ = "0.1.0"`
Recommendation

Publish consistent versions, fill in registry source/homepage metadata, and install only from a trusted package source or reviewed repository.
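A pre-install check makes the version finding above mechanical: read the version string from each artifact, require that they agree, and require that the registry entry names a source repository. The following is an added example written for this review, not part of the ClawScan report or of the Mova Bridge package. The pyproject.toml and __init__.py contents are constructed to reproduce the three version values the report quotes; the GitHub URL in them is a placeholder, not the package's real repository, and the registry record is a constructed dict with the field names the report uses.

```python
"""Added example (not ClawScan's or the Mova Bridge package's own code).

Check that registry metadata, pyproject.toml and __init__.py carry the same
version and that the registry points at a source repository.  The sample
artifacts below are constructed to reproduce the values the report quotes;
the repository URL is a placeholder.
"""
import re

# Constructed artifacts.  Versions match the report: 1.0.0 / 0.6.0 / 0.1.0.
PYPROJECT = '''
[project]
name = "mova-bridge"
version = "0.6.0"

[project.urls]
Homepage = "https://github.com/example-org/mova-bridge"
'''
INIT_PY = '__version__ = "0.1.0"\n'
REGISTRY = {"version": "1.0.0", "source": "", "homepage": ""}


def pyproject_version(text):
    m = re.search(r'^version\s*=\s*"([^"]+)"', text, re.M)
    return m.group(1) if m else None


def pyproject_urls(text):
    """All http(s) URLs assigned in pyproject (e.g. the [project.urls] table)."""
    return dict(re.findall(r'^(\w+)\s*=\s*"(https?://[^"]+)"', text, re.M))


def init_version(text):
    m = re.search(r'^__version__\s*=\s*"([^"]+)"', text, re.M)
    return m.group(1) if m else None


def check_package(registry, pyproject_text, init_text):
    """Return a list of problems; an empty list means the artifacts agree."""
    problems = []
    versions = {
        "registry": registry.get("version"),
        "pyproject.toml": pyproject_version(pyproject_text),
        "__init__.py": init_version(init_text),
    }
    distinct = {v for v in versions.values() if v}
    if len(distinct) != 1:
        problems.append("version mismatch: "
                        + ", ".join(f"{k}={v}" for k, v in versions.items()))
    urls = pyproject_urls(pyproject_text)
    repo_hint = next((u for u in urls.values() if "github.com" in u), None)
    for fld in ("source", "homepage"):
        if not registry.get(fld):
            msg = f"registry {fld} missing"
            if repo_hint:
                msg += f" (pyproject declares {repo_hint})"
            problems.append(msg)
    return problems


if __name__ == "__main__":
    for p in check_package(REGISTRY, PYPROJECT, INIT_PY) or ["ok"]:
        print(p)
```

Run this against the unpacked package before installing; any reported problem means the reviewed artifact and the installed artifact cannot be tied together by version alone, which is the point the finding makes.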