ClawHub

Mova Contract Builder

v1.0.0

Build structured MOVA agent contracts (ds.mova_agent_contract_core_v1) from vague user intentions through a guided, step-by-step expert interview. Use this s...

0· 57·0 current·0 all-time
bySergii Miasoiedov@mova-compact
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (MOVA contract builder) match the SKILL.md and the included examples and schema reference. There are no unrelated environment variables, binaries, or install steps requested that would be disproportionate to authoring contracts.
Instruction Scope
SKILL.md defines a constrained, stepwise interview for creating schema-valid contracts and explicitly states it does not execute anything. The instructions do not direct the agent to read local system files, access environment variables, call external endpoints, or transmit data outside the interview context. Fields like runtime_binding_ref and connector_refs are only collected as contract metadata, not used to connect to external services.
Install Mechanism
No install specification and no code files that would be written or executed on the host. This is the lowest-risk class (instruction-only).
Credentials
The skill declares no required environment variables, credentials, or config paths. The contract fields collected (owner IDs, connector IDs, policy refs) are reasonable metadata for its purpose; nothing requests secrets or unrelated credentials.
Persistence & Privilege
The skill is not always-on (always: false) and uses the default model invocation behavior. It does not request persistent system privileges or attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims: guide a user through building a MOVA agent contract. Before using it, avoid pasting secrets or sensitive documents into the interview text (owner IDs, connector IDs and policy refs are normal metadata but should not contain credentials). After the interview, review the generated contract for correctness and remove any accidental PII. Also be aware that while this skill does not execute connectors or runtimes, the metadata it produces (runtime_binding_ref, connector_refs, policy_profile_ref) could be used later by other systems to provision or connect to services — validate those references before deploying the contract to any runtime.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755gh76rr3qevrz6fe056twn83hjaw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments