首页 / 技能 / Mova Po Approval — Mova工具

📦 Mova Po Approval — Mova工具

v1.0.1

[AI辅助] Submit a purchase order for automated risk analysis and procurement approval via MOVA HITL. Trigger when the user mentions a PO number, asks to approve/revie...

0· 168·1 当前·1 累计
mova-compact 头像by @mova-compact (Sergii Miasoiedov)·MIT-0
自动化数据分析开发工具AI模型访问
下载技能包
License
MIT-0
最后更新
2026/4/2
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
The skill's stated purpose (submitting POs to MOVA HITL for risk analysis and human approval) aligns with its runtime instructions and requirements; it requires the MOVA OpenClaw plugin and sends PO/approval data to the MOVA service, which is consistent with the described functionality.
评估建议
This skill appears to do what it says: it requires the MOVA plugin and will send PO ID, approver ID, analysis results and decisions to the MOVA service. Before installing/using: 1) Verify and review the openclaw-mova plugin source (installCmd is present in metadata). 2) Understand and accept that PO metadata and human decisions are sent to api.mova-lab.eu and stored in MOVA/R2 audit storage. 3) If you connect a live ERP, be prepared to supply connector endpoints and auth credentials — treat thos...
详细分析 ▾
用途与能力
The name/description ask for automated risk analysis + human-in-the-loop approval via MOVA. The SKILL.md consistently instructs the agent to use MOVA plugin tools (mova_hitl_start_po, mova_hitl_decide, mova_hitl_audit) and documents data flows to api.mova-lab.eu and server-side ERP connectors. Requiring the MOVA plugin is coherent with the stated purpose.
指令范围
Instructions are narrowly scoped: call plugin tools, show results, and never make manual HTTP or shell calls. The doc explicitly forbids inventing results and demands surfacing errors. Minor documentation artifacts exist (references to local screenshots/paths and a raw GitHub image URL), but these are presentation/demo items and do not expand runtime privileges.
安装机制
This is an instruction-only skill with no install spec or bundled code. Metadata references an install command for the openclaw-mova plugin (openclaw plugins install openclaw-mova); the skill itself does not download arbitrary artifacts. No archive downloads or non-standard install mechanisms are present in the skill content.
凭证需求
The skill declares no required environment variables or credentials, which is reasonable because MOVA runtime fetches ERP data server-side. However, the skill allows registering real ERP connectors via mova_register_connector with an endpoint and optional auth_header/auth_value — that action will involve supplying credentials or secrets at runtime. Those secrets are not declared as required env vars here (they are optional inputs to a connector call), so users should be aware they'll need to provide ERP credentials when connecting live systems.
持久化与权限
always is false and the skill does not request persistent system-wide privileges. The workflow stores audit records on MOVA/R2 (as claimed) but the skill does not modify other skills or agent configs. Autonomous invocation is allowed (platform default) and is not itself a concern here.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/24

Added Contract Skill type label.

无害

安装命令

点击复制
官方npx clawhub@latest install mova-po-approval
镜像加速npx clawhub@latest install mova-po-approval --registry https://cn.longxiaskill.com

技能文档

Contract Skill — A ready-to-use MOVA HITL workflow. Requires the openclaw-mova plugin.

# MOVA Purchase Order Approval

Submit a purchase order to MOVA for automated risk analysis and a human decision gate — with a tamper-proof audit trail of every procurement decision.

什么 做

  • Risk analysis — AI checks vendor registry, budget utilisation, authority level, 和 detects split-PO fraud patterns
  • Risk snapshot — scores PO (0.0–1.0) 和 surfaces anomaly flags
  • Human decision gate — procurement manager chooses: approve / hold / reject / escalate
  • Audit receipt — every decision signed, timestamped, 和 stored 在...中 immutable compact journal

Requirements

插件: MOVA OpenClaw 插件 必须 installed 在...中 OpenClaw workspace.

ERP connector — 否 additional credentials 必填: Vendor registry, budget data, and authority matrix are fetched server-side by the MOVA runtime. The agent does not need separate ERP credentials.

Data flows:

  • PO ID + approver ID → api.mova-lab.eu (MOVA platform, EU-hosted)
  • ERP data (vendor/budget/authority) → fetched 由 MOVA runtime server-side, 读取-仅, 不 stored
  • Audit journal → MOVA R2 storage, signed
  • 否 data sent 到 第三个 parties beyond 上面

Quick 开始

Say "review PO-2026-004 with approver EMP-1042":

https://raw.githubusercontent.com/mova-compact/mova-bridge/main/test_po_PO-2026-004.png

The agent submits it to MOVA, shows the AI risk analysis with findings and anomaly flags, then asks for your procurement decision.

Demo

Step 1 — Task submitted 带有 PO document !Step 1

Step 2 — AI risk analysis: risk score 0.78, findings, escalate recommended !Step 2

Step 3 — Audit receipt + compact journal !Step 3

为什么 contract execution matters

  • Split-PO fraud detection — policy enforces escalation 当...时 相同 vendor submits multiple POs 在...内 72h 到 bypass approval thresholds
  • Authority enforcement — approver's authority level validated against authority matrix; inadequate authority always routes 到 escalation
  • Immutable audit trail — compact journal records every 事件 带有 cryptographic proof
  • EU AI Act / DORA 就绪 — procurement decisions high-risk financial actions requiring human oversight 和 满 explainability

什么 用户 receives

OutputDescription
Vendor statusregistered / pending / blacklisted
Budget checkwithin budget, utilisation %, remaining
Authority checkadequate / inadequate + reason
Anomaly flagssplit_po_pattern, unregistered_vendor, budget_exceedance, unverified_approver
FindingsStructured list with severity codes (F001, F002…)
Risk score0.0 (clean) – 1.0 (high risk)
Recommended actionAI-suggested decision
Decision optionsapprove / hold / reject / escalate
Audit receipt IDPermanent signed record of the procurement decision
Compact journalFull event log: analysis → snapshot → human decision

当...时 到 trigger

Activate when the user:

  • Mentions PO 数字 (e.g. "PO-2026-001")
  • Asks 到 approve, review, 或 check purchase order
  • Says "procurement approval", "PO review", "check PO"

之前 starting, confirm: "Submit PO [PO-ID] 对于 MOVA risk analysis?"

Step 1 — Submit PO

Call tool mova_hitl_start_po with:

  • po_id: PO 数字 (e.g. PO-2026-001)
  • approver_employee_id: HR employee ID (e.g. EMP-1042)

Step 2 — Show analysis 和 decision options

If status = "waiting_human" — show risk summary and ask to choose:

  • approve — Approve PO
  • hold — Hold 对于 review
  • reject — Reject PO
  • escalate — Escalate 到 director/board

Show recommended option if present (mark ← RECOMMENDED).

Call tool mova_hitl_decide with:

  • contract_id: 从 响应 上面 (不 PO 数字)
  • 选项: chosen decision
  • reason: human reasoning

Step 3 — Show audit receipt

Call tool mova_hitl_audit with contract_id. Call tool mova_hitl_audit_compact with contract_id for the full signed event chain.

Connect real ERP systems

By default MOVA uses a sandbox mock. To route procurement checks against your live ERP, call mova_list_connectors with keyword: "erp".

Relevant connectors:

Connector IDWhat it covers
connector.erp.po_lookup_v1Purchase order data from ERP
connector.erp.vendor_registry_v1Vendor registration status and bank accounts
connector.erp.budget_check_v1Budget availability and utilisation
connector.erp.hr_employee_v1Approver authority level from HR
Call mova_register_connector with connector_id, endpoint, optional auth_header and auth_value.

Rules

  • NEVER 使 HTTP requests manually
  • NEVER invent 或 simulate results — 如果 tool call fails, show exact 错误
  • 使用 MOVA 插件 tools directly — 做 不 使用 exec 或 shell
  • CONTRACT_ID comes 从 mova_hitl_start_po 响应, 不 从 PO 数字
数据来源ClawHub ↗ · 中文优化:龙虾技能库