ClawHub

Mova Spec Guide

v1.0.1

Answer questions about the MOVA specification language — schemas (ds.*), envelopes (env.*), verbs, episodes, global catalogs, instruction profiles, and the o...

0· 56·0 current·0 all-time
bySergii Miasoiedov@mova-compact
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md instructions: reading local spec docs, explaining concepts, and validating JSON against local schemas. Minor mismatch: the SKILL.md header says "Requires the `openclaw-mova` plugin," but the registry metadata does not declare any dependency — this is an informational inconsistency (not obviously malicious) that could affect runtime if the agent expects that plugin.
Instruction Scope
Instructions direct the agent to read files under a specific workspace path (/home/mova/.openclaw/workspace/mova-spec/) and to read user-supplied JSON for validation; they also allow referencing the public GitHub repo when needed. Reading those local files and user JSON is necessary for the stated purpose, but it means the skill will access any content in that workspace and any JSON the user provides.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself (lowest install risk).
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md's behavior (reading local workspace and optionally contacting GitHub) is proportionate to its purpose.
Persistence & Privilege
No elevated persistence requested (always: false). The skill does not request to modify other skills or system-wide settings in its instructions.
Scan Findings in Context
[no_findings] expected: The static scanner found nothing because this is an instruction-only skill with no code files to analyze. That absence of findings is expected but not evidence of safety — the SKILL.md is the primary surface to review.
Assessment
This skill appears coherent for answering MOVA-spec questions and validating drafts. Before installing: (1) confirm you want the agent to read files at /home/mova/.openclaw/workspace/mova-spec/ (ensure that workspace contains only the spec docs you intend to share); (2) be aware the skill will read any JSON you provide when asked to validate it (do not submit secrets); (3) confirm whether the environment provides the optional "openclaw-mova" plugin the SKILL.md mentions — its absence may change runtime behavior. If you need stricter limits, only invoke the skill when you intend to share spec files or validation inputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770jerpwzgw5kyadfqhcrsgd8426wa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments