v1.0.0

Consensus

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:56 AM.

Analysis

The skill does not show credential theft or exfiltration, but its advertised consensus/security-analysis purpose does not match the included generic local data-store script.

GuidanceInstall only if you want a simple local entry tracker. Do not assume it can evaluate consensus protocol security from the provided artifacts, and avoid storing sensitive information in its local data files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

description: "Analyze consensus operations. Use when you need to understand consensus mechanisms, evaluate protocol security..." ... "add": Add new entry ... "list": List all entries ... "remove": Remove entry by number

The skill is framed as a consensus/protocol-security analysis aid, but its own command documentation is a generic local entry manager rather than consensus-specific analysis guidance.

User impactA user or agent may over-trust the skill for protocol-security work even though the artifacts only support simple local record keeping.

RecommendationReview the skill carefully before relying on it for consensus or security analysis; treat it as a local notes utility unless the publisher provides real consensus-analysis content.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

scripts/script.sh

DATA_DIR="${CONSENSUS_DIR:-$HOME/.consensus}" ... printf '{"ts":"%s","cmd":"%s","val":"%s"}\n' ... >> "$DATA_DIR/data.jsonl"

User-provided entries are persisted to a local JSONL file and can later be listed, searched, or exported.

User impactInformation entered into the skill may remain on disk and be reused in later sessions; if entries contain untrusted instructions or sensitive data, they may be surfaced again.

RecommendationAvoid storing secrets or untrusted instructions in entries, and periodically review or delete ~/.consensus if the data is no longer needed.