by 详细分析 ▾
运行时依赖
版本
添加了Contract Skill类型标签。
安装命令 点击复制
技能文档
Contract Skill — A ready-to-use MOVA HITL workflow. Requires the openclaw-mova plugin.# MOVA AML Alert Triage
Submit a transaction monitoring alert to MOVA for automated L1 triage — with typology matching, sanctions screening, and a human compliance decision gate backed by a tamper-proof audit trail.
What it does
- AI triage — checks sanctions lists (OFAC/EU/UN), PEP status, transaction burst patterns, customer risk rating, prior alert history, and typology matching (structuring, layering, smurfing, etc.)
- Risk snapshot — surfaces anomaly flags and triage recommendation
- Human decision gate — compliance analyst chooses: clear / escalate to L2 / immediate escalate
- Audit receipt — every decision is signed, timestamped, and stored in an immutable compact journal
Mandatory escalation rules enforced by policy:
- Risk score > 85 → mandatory human escalation
- Sanctions hit → immediate escalation, no exceptions
- PEP flag → mandatory L2 escalation
Requirements
Plugin: MOVA OpenClaw plugin must be installed in your OpenClaw workspace.
Data flows:
- Alert data + customer ID + transactions →
api.mova-lab.eu(MOVA platform, EU-hosted) - Customer data → sanctions screening (OFAC, EU, UN — read-only, no data stored)
- Customer ID → risk rating and prior alert history (read-only)
- Audit journal → MOVA R2 storage, cryptographically signed
- No data is sent to third parties beyond the above
Quick start
Say "triage AML alert ALERT-1002" and provide the alert details:
https://raw.githubusercontent.com/mova-compact/mova-bridge/main/test_aml_ALERT-1002.png
Demo
Step 1 — Alert submitted: TM-STRUCT-11, risk 91, RISK HIGH flag
Step 2 — AI analysis: structuring typology matched, risk 91/100, escalate_l2 decision
Step 3 — Audit receipt + compact journal with full compliance event chain
Why contract execution matters
- Escalation rules are policy, not prompts — risk_score > 85 and sanctions hits trigger mandatory gates that cannot be bypassed
- Full typology matching — AI identifies structuring, layering, and smurfing patterns against your transaction monitoring rules
- Immutable audit trail — when a regulator asks "who cleared or escalated ALERT-1002 and why?" — the answer is in the system with an exact timestamp and reason
- AMLD6 / FATF ready — AML decisions require the human oversight, full explainability, and documented decision chain required by AMLD6 and FATF guidance
What the user receives
| Output | Description |
|---|---|
| Risk score | 0–100 assessment with threshold evaluation |
| Typology match | Rule ID + description (structuring, layering, etc.) |
| Sanctions check | OFAC / EU / UN screening result |
| PEP status | PEP flag with category |
| Customer risk | Risk rating, burst intensity, jurisdiction risk |
| Anomaly flags | rapid_transfer, new_beneficiary, high_burst, sanctions_hit, pep_flag |
| Findings | Structured list with severity codes |
| Prior alerts | Historical alert count |
| Recommended action | AI-suggested triage decision |
| Decision options | clear / escalate_l2 / immediate_escalate |
| Audit receipt ID | Permanent signed record of the compliance decision |
| Compact journal | Full event log: triage → sanctions → human decision |
When to trigger
Activate when the user:
- Mentions an alert ID (e.g. "ALERT-1002")
- Says "triage this alert", "review AML alert", "check transaction monitoring alert"
- Provides customer and transaction data for compliance review
Before starting, confirm: "Submit alert [alert_id] for MOVA L1 triage?"
If details are missing — ask once for: alert ID, rule ID, risk score, customer ID, customer jurisdiction, triggered transactions.
Step 1 — Submit alert
Call tool mova_hitl_start_aml with:
alert_id,rule_id,rule_description,risk_scorecustomer_id,customer_name,customer_risk_rating(low/medium/high),customer_type(individual/business),customer_jurisdiction(ISO country code)triggered_transactions: array of{transaction_id, amount_eur}pep_status: boolean,sanctions_match: booleanhistorical_alerts: optional array of prior alert IDs
Step 2 — Show analysis and decision options
If status = "waiting_human" — show AI triage summary and ask to choose:
- clear — Clear as false positive
- escalate_l2 — Escalate to L2 analyst
- immediate_escalate — Immediate escalation — freeze account
Show recommended option if present (mark ← RECOMMENDED).
Call tool mova_hitl_decide with:
contract_id: from the response above (NOT the alert ID)option: chosen decisionreason: analyst reasoning
Step 3 — Show audit receipt
Call tool mova_hitl_audit with contract_id.
Call tool mova_hitl_audit_compact with contract_id for the full signed event chain.
Connect your real AML systems
By default MOVA uses a sandbox mock. To route checks against your live infrastructure, call mova_list_connectors with keyword: "aml".
Relevant connectors:
| Connector ID | What it covers |
|---|---|
connector.screening.pep_sanctions_v1 | PEP & sanctions screening (OFAC, EU, UN) |
connector.aml.transaction_history_v1 | Transaction history from core banking |
connector.policy.aml_rules_v1 | AML rule engine / typology rules |
connector.risk.jurisdiction_v1 | Country FATF risk classification |
mova_register_connector with connector_id, endpoint, optional auth_header and auth_value.Rules
- NEVER make HTTP requests manually
- NEVER invent or simulate results — if a tool call fails, show the exact error
- Use MOVA plugin tools directly — do NOT use exec or shell
- CONTRACT_ID comes from the mova_hitl_start_aml response, not from the alert ID
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制