shield_lock
金大哥
返回 Skill 列表
extension
分类: 其它需要 API Key

Mova Supply Chain Risk

通过 MOVA HITL 对供应商进行制裁名单、PEP 注册、ESG 评分和金融稳定性数据筛查,然后将结果提交人工采购审查。

person作者: mova-compacthubclawhub
open_in_new仓库download下载资源包

Contract Skill — A ready-to-use MOVA HITL workflow. Requires the openclaw-mova plugin.

MOVA Supply Chain Risk Analysis

Screen your supplier list against sanctions registries, PEP databases, ESG ratings, and financial stability indicators — with a per-supplier risk band, source citations, and a mandatory human procurement decision gate backed by a tamper-proof audit trail.

What it does

  1. Supplier ingestion — accepts a list of supplier names, IDs, countries, and procurement category
  2. Multi-source screening — OFAC / EU / UN sanctions, PEP registries, ESG ratings, adverse media, financial stability
  3. Risk report — per-supplier risk band (low / medium / high / critical) with source citations and finding details
  4. Human gate — procurement manager reviews findings and chooses: approve all / approve clean only / reject all / escalate
  5. Audit receipt — all data sources, query timestamps, screening results, and the human decision are logged for supply chain transparency audits

Mandatory escalation rules enforced by policy:

  • Sanctions hit on any supplier → immediate escalation, cannot approve batch
  • Critical risk band (≥ 2 suppliers) → mandatory escalation to compliance team
  • PEP flag with procurement value above threshold → escalate required

Requirements

Plugin: MOVA OpenClaw plugin must be installed in your OpenClaw workspace.

Data flows:

  • Supplier data + procurement category → api.mova-lab.eu (MOVA platform, EU-hosted)
  • Supplier names/countries → sanctions & PEP screening (OFAC, EU, UN — read-only)
  • Supplier IDs → ESG ratings and adverse media lookup (read-only)
  • Supplier name/country → company registry and financial stability check (read-only)
  • Audit journal → MOVA R2 storage, signed
  • No data stored locally or sent to third parties beyond the above

Demo

Step 1 — Supplier batch submitted with screening request Step 1

Step 2 — AI screening: sanctions hit on SUP-002, ESG risk on SUP-003, mandatory escalation triggered Step 2

Step 3 — Audit receipt + signed decision log Step 3

Quick start

Say "screen these suppliers for procurement" and provide:

suppliers:
  - id: SUP-001, name: Acme GmbH, country: DE
  - id: SUP-002, name: Delta LLC, country: US
category: raw_materials
requestor_id: EMP-2201

The agent submits the batch, shows the per-supplier risk report with sanctions and ESG findings, then asks for your procurement decision.

Why contract execution matters

  • Sanctions rules are policy, not prompts — any sanctions hit triggers mandatory escalation that cannot be bypassed
  • Multi-source traceability — every finding is tagged with its source (OFAC / EU / UN / ESG / registry)
  • Immutable audit trail — when a compliance officer or regulator asks "who cleared supplier SUP-002 and why?" — the answer is in the system
  • EU Supply Chain Due Diligence / OFAC ready — procurement decisions require documented screening history, source citations, and human sign-off

What the user receives

| Output | Description | |--------|-------------| | Suppliers screened | Total count in batch | | Critical / high / medium / low | Count per risk band | | Per-supplier risk band | low / medium / high / critical | | Sanctions result | OFAC / EU / UN hit or clear with match details | | PEP flag | PEP status and category | | ESG score | Rating and adverse media flags | | Financial stability | Registration status, insolvency signals | | Findings | Per-supplier structured list with source and severity | | Recommended action | AI-suggested decision | | Decision options | approve_all / approve_clean / reject_all / escalate | | Audit receipt ID | Permanent signed record of the procurement decision | | Compact journal | Full event log: screening → risk report → human decision |

When to trigger

Activate when the user:

  • Provides a supplier list (names, IDs, or CSV)
  • Says "screen these vendors", "run supply chain check", "due diligence on supplier"
  • Asks to prepare a procurement risk report before signing contracts

Before starting, confirm: "Screen [COUNT] suppliers for MOVA supply chain risk analysis?"

If supplier data is missing — ask once for: supplier names/IDs, country of registration, procurement category.

Step 1 — Submit supplier list for screening

Call tool mova_hitl_start_supply_chain with:

  • suppliers: array of objects with id, name, country (ISO 3166-1 alpha-2)
  • category: raw_materials / logistics / technology / services
  • requestor_id: employee ID of the procurement requestor

Step 2 — Show risk report and decision options

If status = "waiting_human" — show the screening summary:

Suppliers screened: COUNT
Critical:           CRITICAL_COUNT
High risk:          HIGH_COUNT
Clean:              CLEAN_COUNT

[Per-supplier table: ID | Name | Country | Risk band | Top finding]
Recommended action: ACTION ← RECOMMENDED

| Option | Description | |---|---| | approve_all | Approve all screened suppliers | | approve_clean | Approve only clean suppliers, block high-risk | | reject_all | Block entire batch pending further review | | escalate | Escalate to compliance team |

Call tool mova_hitl_decide with:

  • contract_id: from the response above — this is ctr-scr-xxxxxxxx, NOT a supplier ID
  • option: chosen decision
  • reason: procurement manager reasoning (required for reject_all and escalate)

Step 3 — Show audit receipt

Call tool mova_hitl_audit with contract_id. Call tool mova_hitl_audit_compact with contract_id for the full signed screening chain.

Connect your real screening systems

By default MOVA uses a sandbox mock. To route checks against your live infrastructure, call mova_list_connectors with keyword: "supply".

Relevant connectors:

| Connector ID | What it covers | |---|---| | connector.screening.pep_sanctions_v1 | PEP & sanctions screening (OFAC, EU, UN) | | connector.esg.ratings_v1 | ESG ratings and adverse media | | connector.data.company_registry_v1 | Company registration status | | connector.data.company_enrichment_v1 | Financial stability and enrichment data |

Call mova_register_connector with connector_id, endpoint, optional auth_header and auth_value.

Rules

  • NEVER make HTTP requests manually
  • NEVER invent or simulate screening results — if a tool call fails, show the exact error
  • Use MOVA plugin tools directly — do NOT use exec or shell
  • CONTRACT_ID is ctr-scr-xxxxxxxx from the mova_hitl_start_supply_chain response — NOT a supplier ID