Mova Spec Guide
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only MOVA reference skill that reads a specific local spec workspace and optional public GitHub references, with no executable code or hidden persistence found.
Install if you want an agent helper for MOVA specification questions and schema validation. Before use, confirm the local /home/mova/.openclaw/workspace/mova-spec/ directory contains only reference material you intend the agent to read, avoid submitting secrets in JSON drafts, and confirm whether your environment provides the openclaw-mova plugin mentioned by the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
58/58 vendors flagged this skill as clean.