consensus-deployment-guard

Advisory
Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future dependency update could affect how decisions are aggregated or stored.

Why it was flagged

The skill depends on external npm packages, including a core package used for aggregation and state handling, with semver ranges. This is normal for a Node package but important for a deployment gate.

Skill content
"dependencies": { ... "consensus-guard-core": "^1.1.15", "tsx": "^4.20.3" }
Recommendation

Use a lockfile or pinned dependency policy in CI, and review consensus-guard-core before relying on the skill for production release gates.

What this means

If the state file or directory is stale or tampered with, future deployment checks may replay an old decision.

Why it was flagged

The skill stores decision artifacts and reuses prior decisions for idempotency. This is expected audit behavior, but persistent state becomes part of future decision context.

Skill content
const prior = await getDecisionByKey(board_id, idem, statePath); if (prior?.response) return prior.response; ... writeArtifact(board_id, 'decision', ... statePath);
Recommendation

Store state in a dedicated non-privileged directory with restricted write access, and use a fresh request or state reset when a deployment needs full re-evaluation.

What this means

If untrusted systems can provide external_votes, they could influence an ALLOW, BLOCK, or REQUIRE_REWRITE result.

Why it was flagged

In external_agent mode, supplied external votes directly feed the deployment decision aggregation. The artifacts show schema validation, but not identity or provenance checks for those votes.

Skill content
const votes = externalMode ? input.external_votes : makeVotes(personaSet, flags); const ag = aggregateVotes(votes, { method: 'WEIGHTED_APPROVAL_VOTE', approve_threshold: 0.7 });
Recommendation

Only enable external_agent mode when votes are collected through an authenticated, trusted workflow, and do not accept vote payloads directly from untrusted agents or users.