consensus-code-merge-guard
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: consensus-code-merge-guard
Version: 1.1.15

The skill is designed for code merge governance: it evaluates PR risk and records audit artifacts locally. It explicitly declares no network calls in its decision path and performs local filesystem writes for state management, as confirmed by `SKILL.md`, `metadata.json`, and `src/index.mjs`. Input validation in `src/index.mjs` rejects unknown fields. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts in any of the analyzed files. Filesystem interactions are confined to the stated purpose of writing structured decision artifacts. The write location is resolved from the environment variables `CONSENSUS_STATE_ROOT` and `CONSENSUS_STATE_FILE`; where those point is a configuration concern for the host agent rather than evidence of malicious intent within the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future dependency update could change behavior even though the skill's own source appears coherent.
The skill is installed from npm and depends on external packages. The caret ranges are normal for npm, but they are not exact pins, so installs may pick up compatible future versions unless the lockfile is enforced.
"dependencies": { "consensus-guard-core": "^1.1.15", "tsx": "^4.20.3" }

Use the included lockfile or exact dependency pinning in CI/automation, and verify the provenance of consensus-guard-core before relying on this in merge gates.
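One way to enforce that recommendation before the merge gate runs, written here as an added example in JavaScript (the skill is shipped as `src/index.mjs`); this is not code from the skill or from ClawScan. It flags dependency specs that are ranges rather than exact versions and checks that the npm lockfile (lockfileVersion 2/3 layout, `packages["node_modules/<name>"]` entries) pins each of them with an `integrity` hash, which is what makes `npm ci` reproducible. The `samplePkg` and `sampleLock` objects are constructed inputs modelled on the manifest fragment above.

```javascript
// Added example: CI pre-check for unpinned dependencies. Not the skill's code.
// A spec is "exact" only if it is a bare semver version (optionally with a
// pre-release/build suffix); ^, ~, >=, *, tags and git URLs all fail this test.
const semverExact = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

function allDeps(pkg) {
  return { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
}

// Names of dependencies whose spec is a range rather than an exact version.
function findUnpinned(pkg) {
  return Object.entries(allDeps(pkg))
    .filter(([, spec]) => !semverExact.test(spec))
    .map(([name]) => name);
}

// Names of dependencies the lockfile does not pin with both a resolved
// version and an SRI integrity hash (npm lockfileVersion 2/3 layout).
function lockfileGaps(pkg, lock) {
  const packages = (lock && lock.packages) || {};
  return Object.keys(allDeps(pkg)).filter((name) => {
    const entry = packages[`node_modules/${name}`];
    return !entry || !entry.version || !entry.integrity;
  });
}

// Gate: ok only when every ranged spec is covered by a pinned lockfile entry,
// so the versions installed in CI are the ones that were reviewed.
function dependencyGate(pkg, lock) {
  const unpinned = findUnpinned(pkg);
  const gaps = lockfileGaps(pkg, lock);
  const uncovered = unpinned.filter((n) => gaps.includes(n));
  return { ok: uncovered.length === 0, unpinned, gaps, uncovered };
}

// Constructed sample manifest mirroring the caret ranges quoted in the report.
const samplePkg = {
  dependencies: { 'consensus-guard-core': '^1.1.15', tsx: '^4.20.3' },
};
// Constructed sample lockfile: only one of the two entries carries an integrity hash.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/consensus-guard-core': { version: '1.1.15', integrity: 'sha512-AAAA' },
    'node_modules/tsx': { version: '4.20.3' },
  },
};

console.log(JSON.stringify(dependencyGate(samplePkg, sampleLock), null, 2));
```

In a pipeline, run this against the checked-in `package.json` and `package-lock.json` and fail the job when `ok` is false; a lockfile that is present but not enforced (for example `npm install` instead of `npm ci`) gives no protection, so pair the check with `npm ci`.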
If the state path contains stale, corrupted, or untrusted artifacts, future merge decisions could be affected.
The code reads from and writes to persistent consensus board state. This is disclosed and purpose-aligned, but stored board/persona artifacts can influence later governance decisions.
getDecisionByKey(board_id,idem,statePath); ... getLatest(board_id,'persona_set',statePath); ... writeArtifact(board_id,'decision',...)
Keep the consensus state directory scoped to the intended project, protect it from untrusted writers, and avoid treating stored audit text as executable instructions.
Untrusted or spoofed external votes could influence the returned MERGE/BLOCK/REVISE decision if the caller does not authenticate and validate vote sources.
In external_agent mode, the included code accepts externally supplied votes and only confirms they are an array before aggregation.
if(i.external_votes!==undefined && !Array.isArray(i.external_votes)) return 'external_votes must be array'; ... const votes=externalMode ? input.external_votes : makeVotes(...)
Only feed external votes from trusted, authenticated agents or humans, and validate vote schemas and identities before invoking this skill in an automated merge workflow.
