Mova Complaints Handler
v1.0.1Submit a customer complaint for EU-compliant AI classification and human-in-the-loop handling decision via MOVA. Handles compensation claims, regulator threa...
⭐ 0· 134·1 current·1 all-time
bySergii Miasoiedov@mova-compact
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to run MOVA HITL complaint workflows and only asks the agent to call MOVA plugin tools and register connectors; requiring the MOVA plugin is coherent with that purpose. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md explicitly restricts the agent to use MOVA plugin tools (mova_hitl_start_complaint, mova_hitl_decide, mova_hitl_audit, etc.) and forbids direct HTTP requests, shell exec, or inventing results. Instructions only reference complaint metadata, connectors, and audit calls — all within the stated workflow.
Install Mechanism
Instruction-only skill (no install spec or code included). Metadata includes an install command for the openclaw-mova plugin (openclaw plugins install openclaw-mova) which is expected. Absence of an included plugin/package means you must source the plugin separately — review that plugin before installing.
Credentials
The skill itself requests no environment variables or credentials. It does instruct you to register connectors (CRM, policy, notification) that may require endpoints and auth_header/auth_value. This is proportional to connecting to external systems but means you may provide CRM/API credentials to the MOVA plugin — verify how those credentials are stored and who can access them.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It describes writing audit events to the MOVA audit journal (expected for this purpose). No instructions to modify other skills or global agent configuration are present.
Scan Findings in Context
[no_scan_findings] expected: The regex-based scanner found nothing — expected because this is an instruction-only skill (SKILL.md) with no code files for static analysis. The SKILL.md does reference the MOVA API domain and a demo image hosted on raw.githubusercontent.com; those are transparency signals, not findings.
Assessment
This skill appears coherent: it routes complaint text and metadata to the MOVA API and relies on an external openclaw-mova plugin. Before installing or using it, verify the provenance and source of the openclaw-mova plugin (review code or obtain from a trusted registry), confirm you are comfortable sending complaint data to the MOVA service (data residency/privacy), and check how connector credentials (CRM/API tokens) will be stored and who can access them. Test the workflow in a sandbox with synthetic data and confirm the audit journal and retention/publishing behavior meet your compliance requirements.Like a lobster shell, security has layers — review code before you run it.
latestvk973vmyrq6qb5sdtj6vgbff08s842j9s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.