← 返回 Skills 市场
mova-compact

Mova Supply Chain Risk

作者 Sergii Miasoiedov · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
184
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install mova-supply-chain-risk
功能描述
Screen suppliers against sanctions lists, PEP registries, ESG ratings, and financial stability data via MOVA HITL, then route findings through a human procur...
安全使用建议
This skill appears coherent for supplier screening: it will send supplier names/IDs/countries and procurement metadata to the MOVA service and to sanctions/ESG/registry connectors and enforces a human decision gate. Before installing or using it: (1) verify the provenance of the openclaw-mova plugin and only install it from a trusted source; (2) ask the plugin owner what API keys or credentials are required and how they are stored; (3) confirm you are allowed (legally and contractually) to transmit supplier data to the listed external endpoints and whether data residency/GDPR rules apply; (4) test with non-sensitive or synthetic data first; and (5) request the plugin's privacy/security documentation (where data is stored, retention, auditability, and who can access the audit journal). If you want, provide the openclaw-mova plugin manifest or link and I can re-evaluate for any missing permissions or mismatches.
功能分析
Type: OpenClaw Skill Name: mova-supply-chain-risk Version: 1.0.1 The skill provides a legitimate workflow for supply chain risk assessment and due diligence using the MOVA HITL plugin. It documents data transfers to 'api.mova-lab.eu' for screening against sanctions and ESG databases, and it includes explicit instructions for the agent to avoid manual HTTP requests or shell execution, focusing instead on structured tool calls for auditing and decision-making.
能力评估
Purpose & Capability
The name and description (supplier screening, sanctions/PEP/ESG/financial checks with human gate) align with the instructions: submit supplier batches to MOVA, show risk bands, and require human sign-off. The external services referenced (MOVA API, sanctions/ESG/registry connectors) are appropriate for the stated purpose.
Instruction Scope
Instructions are focused on screening and a mandatory human decision gate. They explicitly send supplier names/IDs/countries and procurement metadata to api.mova-lab.eu and to screening connectors — which is expected — but the SKILL.md does not list the actual credentials/authorization steps the plugin needs, nor does it include the plugin code. Also the README references screenshot files that are not present in the package (cosmetic).
Install Mechanism
This is an instruction-only skill (no install spec, no code), which is low-risk from an install perspective. It requires the 'openclaw-mova' plugin to be installed via OpenClaw; the SKILL.md suggests 'openclaw plugins install openclaw-mova'. The plugin itself is external to this skill and is the component that will perform network calls — verify the plugin source before installing.
Credentials
The skill declares no required environment variables or credentials in its metadata, but it transmits potentially sensitive supplier data to external services. In practice the MOVA plugin (not included) will likely require API keys or tokens; the absence of declared required credentials here means you should confirm what secrets the plugin needs and how they are stored/limited. Ensure you have legal authority to send supplier data to the listed endpoints.
Persistence & Privilege
The skill does not request persistent or elevated privileges (always:false). It documents that audit receipts are stored in MOVA R2 storage (external) and claims no local storage. There is no instruction to modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mova-supply-chain-risk
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mova-supply-chain-risk 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Added Contract Skill type label.
v1.2.0
Fix: remove incorrect API key requirement
v1.1.0
Add demo screenshots from live agent run
v1.0.0
Initial release: supplier due diligence HITL — sanctions, PEP, ESG, financial stability screening
元数据
Slug mova-supply-chain-risk
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Mova Supply Chain Risk 是什么?

Screen suppliers against sanctions lists, PEP registries, ESG ratings, and financial stability data via MOVA HITL, then route findings through a human procur... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 184 次。

如何安装 Mova Supply Chain Risk?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mova-supply-chain-risk」即可一键安装,无需额外配置。

Mova Supply Chain Risk 是免费的吗?

是的,Mova Supply Chain Risk 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Mova Supply Chain Risk 支持哪些平台?

Mova Supply Chain Risk 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Mova Supply Chain Risk?

由 Sergii Miasoiedov(@mova-compact)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论