ClawHub

Mova Invoice Ocr

v1.0.2

Process any financial document — invoice, bill, receipt, or purchase order — via MOVA OCR and human-in-the-loop approval. Trigger when the user shares a docu...

0· 181·1 current·1 all-time
bySergii Miasoiedov@mova-compact
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions align: the skill describes OCR + risk checks + human decision gate and instructs the agent to call MOVA plugin tools (mova_hitl_start, mova_hitl_decide, mova_hitl_audit). It declares the MOVA plugin requirement and documents data flows to api.mova-lab.eu and ERP connectors; there are no unrelated env vars or binaries requested.
Instruction Scope
SKILL.md keeps scope narrow and prescriptive: it requires confirmation before processing, forbids manual HTTP calls, and instructs only to call plugin tools. Note: it also instructs registering connectors (mova_register_connector) with optional auth_header/auth_value, which means you will supply connector credentials to the plugin—this is in-scope but worth reviewing before enabling.
Install Mechanism
This is an instruction-only skill with no install spec or code files. Metadata references installing an external OpenClaw plugin (openclaw-mova) but the skill itself does not download arbitrary artifacts. Risk depends on the plugin's install/source (inspect that plugin separately).
Credentials
The skill itself requests no environment variables or credentials, which is proportionate. However it will transmit invoice image URLs and extracted fields to api.mova-lab.eu and may store audit journals in MOVA R2. Connector registration may require auth headers/values. Verify the MOVA plugin and connector configs for any credential requirements or secret storage behavior before use.
Persistence & Privilege
always:false and user-invocable:true (default) — normal. The workflow creates persistent audit receipts/compact journals (intended behavior). Because the agent can invoke the skill autonomously by default, you should rely on the explicit confirmation step the SKILL.md demands; if you want stricter control, consider preventing autonomous invocation or requiring explicit user confirmation at runtime.
Assessment
This skill is coherent with its stated purpose, but you should: (1) inspect the openclaw-mova plugin code or vendor docs before installing to confirm where credentials are stored and what network endpoints are contacted; (2) confirm retention, encryption, and access policy for the MOVA R2 audit journal; (3) test using the sandbox/mock connector before sending real invoices; (4) be prepared to supply connector auth values if you connect a live ERP/OCR system and ensure those secrets are stored securely by the plugin; (5) if you want to prevent any autonomous processing beyond the explicit human decision gate, disable autonomous invocation or enforce an additional confirmation policy in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehzaswahyv6yzwat3rnf3bx84237w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments