Mova Churn Prediction
Analysis
The skill is coherent for churn analysis, but it relies on the MOVA plugin to process customer behavior and profile data and store audit records, so users should ensure those integrations are authorized.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Requires the `openclaw-mova` plugin ... "installCmd":"openclaw plugins install openclaw-mova"
The skill depends on an external plugin that is not included in the artifact set. That dependency is disclosed and central to the MOVA workflow, but the plugin's provenance should be checked before installation.
customer success manager reviews the list and chooses: launch campaign / launch selective / defer / escalate
The workflow can lead to customer-facing retention campaign decisions. The artifact requires a human gate, which makes this purpose-aligned rather than unsafe, but the action can still affect customers.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Customer activity data → events connector (read-only, no raw data stored by MOVA) ... Customer profiles → CRM connector (read-only)
The skill expects access to customer activity and CRM profile data. The access is described as read-only and directly related to churn prediction, but it is still sensitive business/customer data.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Audit receipt — input features, model version, prediction scores, and human approval are all logged ... Audit journal → MOVA R2 storage, signed
The workflow persists customer feature data, churn scores, model version, and human decisions in an audit journal. This is disclosed and compliance-oriented, but it creates a durable record of sensitive profiling results.
Segment ID + period + threshold → `api.mova-lab.eu` ... Customer activity data → events connector ... Feature vectors → churn model connector ... Customer profiles → CRM connector
The skill discloses multiple external service and connector data flows. They are purpose-aligned, but users should notice that customer data and derived scores cross system boundaries.