You can check if this is a bug by evaluating the requests. With the Chrome Developer Tools you can check the request and identify if there is an object to pass, and if it actually is included.

Below you can see a couple of screenshot to find what you are looking for. When loading the page you can see the requests "retrieveId " which pull in the objects that you are showing in the browser.
Those objects are passed into the microflow, you can see in the requests below how. The nrs you see are the GUIDs which uniquely identify the objects in your application. Every entity has it's own raange of numbers. With the GUID you can try to recognize the objects.

It could be for example that your dataview does not contain an entity (security?), and depending on how the widget is programmed it might still execute your microflow.

This requests is a microflow call (execute action) without any parameters.

This request includes a GUID indicating that the GUID should be used as input parameter.

Some requests might contain GUIDs in the context, you should ignore those. The context is used by the platform to evaluate cached objects among other things.

I've seen this caused before by a faulty security configuration.Try flipping your project security down to Prototype/Demo, and see if the microflow works then. If it does, you could then dig deeper on the missing security permission.