Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mova Contract Discovery

v1.0.1

Browse, search, and run public MOVA contracts from the community marketplace. Trigger when the user asks to find a contract, discover available contracts, se...

by Sergii Miasoiedov @mova-compact

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mova-compact/mova-contract-discovery.

Install the skill "Mova Contract Discovery" (mova-compact/mova-contract-discovery) from ClawHub.
Skill page: https://clawhub.ai/mova-compact/mova-contract-discovery
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mova-contract-discovery

ClawHub CLI


npx clawhub@latest install mova-contract-discovery

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability

The SKILL.md explicitly says this is an 'Ecosystem Skill' that "Requires the `openclaw-mova` plugin" and describes operations that run public contracts on behalf of the user's org. However, the skill metadata declares no dependencies, no required binaries, and no required environment variables or credentials. Running contracts and listing connectors plausibly requires platform/plugin-level auth or connectors; the omission of any declared dependency or credential is an incoherence.

Instruction Scope

The runtime instructions are narrowly scoped to: search (mova_discover_contracts), inspect, run (mova_run_contract), handle HITL (mova_hitl_decide), and check run status. They do not instruct reading unrelated files or exfiltrating data. They do rely entirely on external tools provided by the `openclaw-mova` plugin (tool calls are explicit).

Install Mechanism

This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by an installer. That's the lowest-risk installation model.

[!] Credentials

The skill claims the ability to run contracts 'on behalf of the user's org' and references checking 'the contract's required connectors', but it declares zero environment variables, credentials, or config paths. Either the platform or the missing 'openclaw-mova' plugin must supply auth, but the skill metadata does not document this. The absence of declared credentials/config for an action that normally requires auth is disproportionate/unexplained.

Persistence & Privilege

always:false (default) and there is no install/persistence. The skill can be invoked autonomously by the agent (disable-model-invocation:false) which is the platform default; combined with the credential/permission gaps noted above this increases the importance of verifying how auth is enforced, but the skill itself does not request elevated persistence.

What to consider before installing

Before installing or enabling this skill:

  1. Confirm that the 'openclaw-mova' plugin (or equivalent provider of the mova_* tools) is actually required and available in your agent environment — the SKILL.md states this requirement but the skill metadata does not declare it.
  2. Ask how authentication and org-scoped permissions are handled when running contracts — who supplies the org credentials, connectors, and consent, and where are tokens stored? The skill's ability to 'run contracts on behalf of the user's org' should map to a documented auth flow.
  3. Verify that the platform enforces the skill's own rule to confirm with the user before any run (don't rely solely on prose in SKILL.md).
  4. If you plan to run contracts, start with non-production/test contracts and review audit logs and connector scopes.
  5. If the publisher or source is unknown, treat this as higher risk until you can confirm the dependency and auth model — the mismatch between declared metadata and SKILL.md raises uncertainty about how and with what privileges the skill will act.

Like a lobster shell, security has layers — review code before you run it.

v1.0.1 · MIT-0 · 92 downloads · 0 stars · 2 versions · Updated 3w ago

Ecosystem Skill — Supports building and managing the MOVA ecosystem. Requires the openclaw-mova plugin.

MOVA Contract Discovery

Browse the public MOVA contract marketplace — find contracts published by any organization, inspect their stats, and run them directly.

What this skill does

  1. Searches the public contract catalog with optional keyword and execution mode filters
  2. Shows contract details: title, version, execution mode, pass rate, total runs
  3. Runs any public contract on behalf of the user's org
  4. Surfaces HITL gates if the contract requires human decisions

When to trigger

Activate when the user:

  • Says "find a contract", "search contracts", "what contracts are available"
  • Asks for a specific type of workflow (e.g. "is there a contract for invoice approval?")
  • Wants to run a contract that isn't their own
  • Asks to browse the MOVA marketplace

Step 1 — Search

Ask:

"What are you looking for? You can describe a workflow type (e.g. invoice, AML, compliance, credit scoring) or say 'show all' to see everything."

Call tool mova_discover_contracts with:

  • keyword: user's search term (omit if "show all")
  • execution_mode: only if user specifically wants to filter by mode

Show results as a table:

Found N contracts:

#  Title                     Version  Mode           Runs   Pass Rate
1  Invoice Approval Agent    1.0.0    human_gated    142    94%
2  AML Alert Triage          2.1.0    ai_assisted    87     91%
3  Supply Chain Risk Screen  1.2.0    human_gated    34     88%

If no results — suggest a broader search or different keyword.


Step 2 — Inspect

If the user wants more detail on a contract, show the full manifest:

CONTRACT: Invoice Approval Agent
ID:             ctr-usr-abc123
Owner org:      org-xyz
Version:        1.0.0
Execution mode: human_gated
Description:    Approves invoices over €5,000 with OCR extraction and CFO sign-off gate
Runs:           142 total  •  94% pass rate
Registered:     2026-03-15

Step 3 — Run

Ask:

"Want to run [contract title]? Do you have inputs to provide, or should we start with empty inputs?"

Collect inputs as key-value pairs if needed (ask one at a time).

Call tool mova_run_contract with:

  • contract_id: from the discovery results
  • inputs: collected or {}

If status: "waiting_human" — the contract has a human gate. Show the analysis and options, then ask the user to choose. Call mova_hitl_decide with:

  • contract_id: same contract_id
  • option: chosen option
  • reason: user's reasoning

If status: "completed" — show verdict and output.

If status: "failed" — show the error. Suggest checking the contract's required connectors with mova_list_connectors.


Step 4 — Check run status

If the user wants to follow up on a previous run:

Call mova_run_status with the run_id.


Execution mode guide

Show this when the user asks what execution modes mean:

Mode              What it means
deterministic     Rule-based, same output for same input every time
bounded_variance  AI-assisted but constrained to narrow output range
ai_assisted       AI makes decisions, no mandatory human gate
human_gated       AI analyzes, human must approve before completion

Rules

  • NEVER run a contract without confirming with the user first: "Run [title]?"
  • NEVER invent contract IDs — use only IDs from mova_discover_contracts results
  • NEVER guess inputs — ask the user, or confirm empty inputs are acceptable
  • If the contract has a human gate (status: "waiting_human"), always show the analysis before asking for the decision
  • contract_id for mova_run_contract and mova_hitl_decide comes from the discovery result, not from the contract title
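
The scan advises not relying on SKILL.md prose alone for the confirm-before-run rule. As an added example (not code from this skill, the openclaw-mova plugin or ClawHub), a host-side gate can enforce the Rules above in code; `MovaRunGuard`, `callTool` and the result field shapes are assumptions, while the tool names, parameters and status strings are the ones in the SKILL.md.

```javascript
// Added example: a session-scoped gate in front of the mova_* tools.
// ASSUMPTIONS: callTool(name, args) is a hypothetical synchronous dispatcher supplied
// by the host, and discovery results are objects with contract_id and title fields.
class MovaRunGuard {
  constructor(callTool) {
    this.callTool = callTool;
    this.discovered = new Map(); // contract_id -> title, filled only by discover()
    this.confirmed = new Set();  // one-shot user confirmations
    this.waiting = new Set();    // contracts currently at a human gate
  }
  discover(args = {}) {
    const results = this.callTool("mova_discover_contracts", args);
    for (const c of results) this.discovered.set(c.contract_id, c.title);
    return results;
  }
  // Called by the host UI only after the user answered yes to "Run [title]?".
  recordConfirmation(contractId) {
    if (!this.discovered.has(contractId)) throw new Error("contract_id not from discovery");
    this.confirmed.add(contractId);
  }
  run(contractId, inputs) {
    if (!this.discovered.has(contractId)) throw new Error("contract_id not from discovery");
    if (inputs === null || typeof inputs !== "object" || Array.isArray(inputs))
      throw new Error("inputs must be an object, {} if the user accepted empty inputs");
    // delete() returns false when no confirmation is pending, so each run needs its own.
    if (!this.confirmed.delete(contractId)) throw new Error("run not confirmed by user");
    const result = this.callTool("mova_run_contract", { contract_id: contractId, inputs });
    if (result.status === "waiting_human") this.waiting.add(contractId);
    return result;
  }
  decide(contractId, option, reason) {
    if (!this.waiting.delete(contractId)) throw new Error("no human gate pending");
    return this.callTool("mova_hitl_decide", { contract_id: contractId, option, reason });
  }
}

// Constructed stub standing in for the plugin; the ID is the sample one from Step 2.
function stubTool(name, args) {
  if (name === "mova_discover_contracts")
    return [{ contract_id: "ctr-usr-abc123", title: "Invoice Approval Agent" }];
  if (name === "mova_run_contract") return { status: "waiting_human" };
  return { status: "completed", tool: name, args };
}

// Returns the tool status, or the reason the gate refused the call.
function attempt(fn) {
  try { return fn().status; } catch (e) { return "blocked: " + e.message; }
}
```

Because the gate holds its state outside the model's context, an agent that skips the confirmation step or supplies an ID it did not get from discovery is refused regardless of what the prompt says.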
