Mova Aml Triage

v1.0.1

Submit an AML transaction monitoring alert for automated L1 triage and human-in-the-loop compliance decision via MOVA. Trigger when the user mentions an AML...

⭐ 0· 89·1 current·1 all-time

bySergii Miasoiedov@mova-compact

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description (MOVA AML triage) match the runtime instructions: submit alerts, run triage, present human decision options, and record an audit receipt. The declared external endpoint (api.mova-lab.eu) and sanctions/risk screening are coherent with an AML triage purpose.

✓

Instruction Scope

SKILL.md limits actions to collecting alert/customer/transaction data, calling MOVA tool endpoints (mova_hitl_start_aml, mova_hitl_decide, mova_hitl_audit*), and showing triage output. It does not instruct the agent to read unrelated system files or arbitrary environment variables. It explicitly documents what is sent to the external MOVA services.

✓

Install Mechanism

This is instruction-only and contains no install spec; metadata suggests the plugin is installed using `openclaw plugins install openclaw-mova`. No downloads, archives, or arbitrary URLs are installed by the skill itself.

ℹ

Credentials

The skill itself declares no required environment variables or credentials, which can be fine if the required MOVA plugin handles auth. However, SKILL.md sends personally identifiable customer and transaction data to an external MOVA API; callers must ensure the plugin is configured with appropriate credentials and that sending this data to that external service is acceptable under their data-protection and regulatory rules. The absence of any declared credentials in the skill means the auth surface is external to this skill (likely in the plugin).

✓

Persistence & Privilege

The skill is not always-included and does not request elevated platform privileges. It delegates to plugin-provided tools for runtime actions. Autonomous invocation is allowed by default (normal) and not combined with any other overbroad privileges here.

Assessment

This skill is coherent for submitting AML alerts to the MOVA platform, but before installing: (1) verify and review the openclaw-mova plugin (source, permissions, and how it stores/uses credentials); (2) confirm that sending customer and transaction PII to api.mova-lab.eu complies with your privacy and regulatory requirements; (3) test in a sandbox environment using non-production data; (4) confirm who controls the MOVA endpoint, retention of audit logs, and where audit receipts are stored; and (5) ensure the mandatory escalation rules and audit trail meet your compliance policy. The skill does not itself declare how MOVA auth is provided, so ensure plugin credentials and network access are configured securely before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a61wyzq244r2ew6q51cjpgx843r4e

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Contract Skill — A ready-to-use MOVA HITL workflow. Requires the openclaw-mova plugin.

MOVA AML Alert Triage

Submit a transaction monitoring alert to MOVA for automated L1 triage — with typology matching, sanctions screening, and a human compliance decision gate backed by a tamper-proof audit trail.

What it does

AI triage — checks sanctions lists (OFAC/EU/UN), PEP status, transaction burst patterns, customer risk rating, prior alert history, and typology matching (structuring, layering, smurfing, etc.)
Risk snapshot — surfaces anomaly flags and triage recommendation
Human decision gate — compliance analyst chooses: clear / escalate to L2 / immediate escalate
Audit receipt — every decision is signed, timestamped, and stored in an immutable compact journal

Mandatory escalation rules enforced by policy:

Risk score > 85 → mandatory human escalation
Sanctions hit → immediate escalation, no exceptions
PEP flag → mandatory L2 escalation

Requirements

Plugin: MOVA OpenClaw plugin must be installed in your OpenClaw workspace.

Data flows:

Alert data + customer ID + transactions → api.mova-lab.eu (MOVA platform, EU-hosted)
Customer data → sanctions screening (OFAC, EU, UN — read-only, no data stored)
Customer ID → risk rating and prior alert history (read-only)
Audit journal → MOVA R2 storage, cryptographically signed
No data is sent to third parties beyond the above

Quick start

Say "triage AML alert ALERT-1002" and provide the alert details:

https://raw.githubusercontent.com/mova-compact/mova-bridge/main/test_aml_ALERT-1002.png

Demo

Step 1 — Alert submitted: TM-STRUCT-11, risk 91, RISK HIGH flag Step 1

Step 2 — AI analysis: structuring typology matched, risk 91/100, escalate_l2 decision Step 2

Step 3 — Audit receipt + compact journal with full compliance event chain Step 3

Why contract execution matters

Escalation rules are policy, not prompts — risk_score > 85 and sanctions hits trigger mandatory gates that cannot be bypassed
Full typology matching — AI identifies structuring, layering, and smurfing patterns against your transaction monitoring rules
Immutable audit trail — when a regulator asks "who cleared or escalated ALERT-1002 and why?" — the answer is in the system with an exact timestamp and reason
AMLD6 / FATF ready — AML decisions require the human oversight, full explainability, and documented decision chain required by AMLD6 and FATF guidance

What the user receives

Output	Description
Risk score	0–100 assessment with threshold evaluation
Typology match	Rule ID + description (structuring, layering, etc.)
Sanctions check	OFAC / EU / UN screening result
PEP status	PEP flag with category
Customer risk	Risk rating, burst intensity, jurisdiction risk
Anomaly flags	rapid_transfer, new_beneficiary, high_burst, sanctions_hit, pep_flag
Findings	Structured list with severity codes
Prior alerts	Historical alert count
Recommended action	AI-suggested triage decision
Decision options	clear / escalate_l2 / immediate_escalate
Audit receipt ID	Permanent signed record of the compliance decision
Compact journal	Full event log: triage → sanctions → human decision

When to trigger

Activate when the user:

Mentions an alert ID (e.g. "ALERT-1002")
Says "triage this alert", "review AML alert", "check transaction monitoring alert"
Provides customer and transaction data for compliance review

Before starting, confirm: "Submit alert [alert_id] for MOVA L1 triage?"

If details are missing — ask once for: alert ID, rule ID, risk score, customer ID, customer jurisdiction, triggered transactions.

Step 1 — Submit alert

Call tool mova_hitl_start_aml with:

alert_id, rule_id, rule_description, risk_score
customer_id, customer_name, customer_risk_rating (low/medium/high), customer_type (individual/business), customer_jurisdiction (ISO country code)
triggered_transactions: array of {transaction_id, amount_eur}
pep_status: boolean, sanctions_match: boolean
historical_alerts: optional array of prior alert IDs

Step 2 — Show analysis and decision options

If status = "waiting_human" — show AI triage summary and ask to choose:

clear — Clear as false positive
escalate_l2 — Escalate to L2 analyst
immediate_escalate — Immediate escalation — freeze account

Show recommended option if present (mark ← RECOMMENDED).

Call tool mova_hitl_decide with:

contract_id: from the response above (NOT the alert ID)
option: chosen decision
reason: analyst reasoning

Step 3 — Show audit receipt

Call tool mova_hitl_audit with contract_id. Call tool mova_hitl_audit_compact with contract_id for the full signed event chain.

Connect your real AML systems

By default MOVA uses a sandbox mock. To route checks against your live infrastructure, call mova_list_connectors with keyword: "aml".

Relevant connectors:

Connector ID	What it covers
`connector.screening.pep_sanctions_v1`	PEP & sanctions screening (OFAC, EU, UN)
`connector.aml.transaction_history_v1`	Transaction history from core banking
`connector.policy.aml_rules_v1`	AML rule engine / typology rules
`connector.risk.jurisdiction_v1`	Country FATF risk classification

Call mova_register_connector with connector_id, endpoint, optional auth_header and auth_value.

Rules

NEVER make HTTP requests manually
NEVER invent or simulate results — if a tool call fails, show the exact error
Use MOVA plugin tools directly — do NOT use exec or shell
CONTRACT_ID comes from the mova_hitl_start_aml response, not from the alert ID

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…