Mova Compliance Audit

v1.0.1

Submit documents for AI-powered compliance audit against GDPR, PCI-DSS, ISO 27001, or SOC 2 via MOVA HITL. Trigger when the user uploads a document and menti...

by Sergii Miasoiedov (@mova-compact)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (MOVA compliance audit) align with the instructions: submit document URL/ID, request framework, run rule checks, present findings, and require human sign-off. The SKILL.md explicitly references calling mova_hitl_start_compliance and sending data to api.mova-lab.eu, which is expected for this capability.
Instruction Scope
The runtime instructions stay within the stated purpose: ingest a document (URL/ID), run OCR/connectors/rules engine via MOVA, display findings, and require human decision. There are no instructions to read unrelated local files, system env vars, or to send data to arbitrary third parties beyond the documented MOVA endpoints.
Install Mechanism
The skill is instruction-only (no install spec) which is low risk, but the metadata requires an external OpenClaw plugin (openclaw-mova). That plugin installation is an out-of-band action not packaged in this skill and may pull code/credentials into your environment — the plugin should be reviewed/trusted before installation.
Credentials
The skill itself declares no environment variables or credentials, which is coherent for an instruction-only wrapper, but it will send document URLs and org metadata to api.mova-lab.eu. In practice the required MOVA credentials/config are likely managed by the external plugin (not declared here). Confirm how the plugin stores/uses credentials and ensure you consent to sending potentially sensitive documents to MOVA.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills' configs, and requires a human gate for final decisions. No elevated persistence privileges are requested by the skill itself.
Assessment
This skill appears to do what it claims: submit documents to the MOVA platform for a human-in-the-loop compliance audit. Before installing/using it:
1) Verify and review the openclaw-mova plugin (the skill depends on it); confirm the plugin's provenance, code, and permissions.
2) Be aware that documents and organization metadata will be sent to api.mova-lab.eu (EU-hosted) and to MOVA connectors (OCR, rules engine); do not upload sensitive or regulated data until you confirm retention, residency, and privacy policies.
3) Confirm how MOVA credentials are provided and stored by the plugin (the skill itself does not declare env vars).
4) Test with non-sensitive sample documents first and ensure your compliance officer is prepared for the mandatory human sign-off flow.
If you cannot review the plugin or accept external data sharing, do not enable this skill.

Like a lobster shell, security has layers — review code before you run it.
