Mova Churn Prediction
v1.0.1Analyze customer behavior signals to predict churn probability and route retention campaign decisions through a human approval gate via MOVA HITL. Trigger wh...
⭐ 0· 123·0 current·0 all-time
bySergii Miasoiedov@mova-compact
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description align with the instructions: the skill ingests customer activity, runs a churn model, surfaces an at-risk list, and routes decisions through a human approval gate. The external endpoints (MOVA API, events connector, churn model connector, CRM) are coherent for this purpose.
Instruction Scope
SKILL.md instructs the agent to call a single HITL tool (mova_hitl_start_churn), present results, and require human approval before launching actions. There are no instructions to read unrelated local files, examine arbitrary env vars, or exfiltrate data beyond the declared MOVA/connector endpoints. GDPR and escalation policy checks are explicitly described.
Install Mechanism
This is an instruction-only skill (no install spec, no code). The metadata points to an external plugin (openclaw-mova) via an installCmd, but the skill itself does not include an install specification or package sources. That reduces on-disk risk, but you must still install the plugin separately — review that plugin's install origin and contents before installing.
Credentials
The skill declares no required env vars at the registry level, yet it depends on external connectors (MOVA API, events connector, CRM, churn model connector) that will almost certainly require credentials/keys and network access. The lack of declared required credentials in the skill is a transparency gap — verifying the plugin's required secrets/scopes is necessary to ensure proportional access.
Persistence & Privilege
always:false and user-invocable:true (defaults) — the skill does not request permanent/system-wide presence. No skill-owned installs or config-modifying actions are described. Audit records are written to MOVA R2 storage as part of normal operation (expected for an audit trail).
Assessment
This skill appears to do what it says: run churn scoring and require human approval. Before installing or using it, do the following: (1) Review the openclaw-mova plugin separately — confirm its origin, install method, and any required environment variables or API keys. (2) Verify which connectors (events, churn model, CRM) will be accessed and ensure they receive only the minimum scopes/credentials needed. (3) Confirm data residency, encryption, and retention policies for api.mova-lab.eu and MOVA R2 storage to satisfy GDPR and internal compliance. (4) If you need greater assurance, request the plugin's manifest or source and audit what network endpoints it contacts and what secrets it requires. If those checks are satisfactory, the skill's behavior is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk974vwzmwfv3gs17v5gzkh52zx843rd4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.