consensus-deployment-guard
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is a coherent deployment decision gate with no clear malicious behavior, but its persistent state and external-vote mode should be used only with trusted inputs and protected storage.
Before installing, decide whether this skill will be advisory or will gate real deployments. If it is used in CI/CD, pin and review dependencies, set CONSENSUS_STATE_ROOT/CONSENSUS_STATE_FILE to a dedicated protected directory, and only feed it deployment facts and external votes from trusted authenticated systems.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future dependency update could affect how decisions are aggregated or stored.
The skill depends on external npm packages, including a core package used for aggregation and state handling, with semver ranges. This is normal for a Node package but important for a deployment gate.
"dependencies": { ... "consensus-guard-core": "^1.1.15", "tsx": "^4.20.3" }
Use a lockfile or pinned dependency policy in CI, and review consensus-guard-core before relying on the skill for production release gates.
If the state file or directory is stale or tampered with, future deployment checks may replay an old decision.
The skill stores decision artifacts and reuses prior decisions for idempotency. This is expected audit behavior, but persistent state becomes part of future decision context.
const prior = await getDecisionByKey(board_id, idem, statePath);
if (prior?.response) return prior.response;
...
writeArtifact(board_id, 'decision', ... statePath);
Store state in a dedicated non-privileged directory with restricted write access, and use a fresh request or state reset when a deployment needs full re-evaluation.
If untrusted systems can provide external_votes, they could influence an ALLOW, BLOCK, or REQUIRE_REWRITE result.
In external_agent mode, supplied external votes directly feed the deployment decision aggregation. The artifacts show schema validation, but not identity or provenance checks for those votes.
const votes = externalMode ? input.external_votes : makeVotes(personaSet, flags);
const ag = aggregateVotes(votes, { method: 'WEIGHTED_APPROVAL_VOTE', approve_threshold: 0.7 });
Only enable external_agent mode when votes are collected through an authenticated, trusted workflow, and do not accept vote payloads directly from untrusted agents or users.
