Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
consensus-engineer
v1.0.0AI solution architect for consensus-tools. Interactive multi-step skill that analyzes your project, recommends consensus-tools integration, scaffolds setup,...
⭐ 0· 81·0 current·0 all-time
byKai Cianflone@kaicianflone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (consensus-tools integration, scaffolding, proof) matches the SKILL.md content and the large llms.txt reference. The skill is instruction-only and requests no unrelated binaries, credentials, or config paths; its allowed tools (Read, Write, Edit, Bash, Grep, Glob, Agent, AskUserQuestion) are appropriate for project analysis and scaffolding.
Instruction Scope
SKILL.md explicitly instructs the agent to read llms.txt and project files (package.json, tsconfig, .consensus, and pattern-check .env filenames) and to gate every phase with AskUserQuestion. This is in-scope for a project-scaffolding assistant. Note: it instructs the agent to detect .env patterns but explicitly says not to read .env contents; still, the agent is granted file-reading/editing tools so you should confirm it does not access secrets you care about.
Install Mechanism
There is no install spec and no code files provided by the skill itself (instruction-only). The SKILL.md references normal project commands (pnpm, npx) as examples; any package installs would be user-initiated and external to the skill bundle. This is the lower-risk model for skills, but running suggested installs will perform network fetches (npm/pnpm).
Credentials
The skill declares no required environment variables. metadata.json lists optional LLM-related env vars (OPENAI_API_KEY, ANTHROPIC_API_KEY, LANGCHAIN_API_KEY) which are reasonable only if the user opts into LLM-based evaluation or LangChain tracing. No unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request modifications to other skills or system-wide agent settings. As an instruction-only skill, it does not persist code by itself; however, its allowed tools include Write/Edit/Bash so the agent could create or modify files if you permit it—review generated changes before executing them.
Scan Findings in Context
[system-prompt-override] expected: SKILL.md contains many prescriptive runtime instructions ('ALWAYS follow this structure', gating rules, reference llms.txt by section) which look like prompt-engineering directives. For an instruction-only skill this is expected, but any strong attempt to override broader system prompts should be reviewed before execution.
Assessment
This skill appears coherent with its stated job: it reads the included llms.txt, inspects your project files, helps scaffold consensus-tools artifacts, and can suggest commands to run. Because it is instruction-only, installing it does not drop code on disk, but the agent is allowed to read and write files and run shell commands: (1) Review SKILL.md and llms.txt yourself first so you understand what it will change. (2) Keep secrets out of the repository (remove or never expose .env contents) before running any automated analysis. (3) When the skill suggests running package installs (pnpm, npx) or running generated scripts, inspect the generated files and package.json changes prior to executing to avoid supply-chain risks. (4) If you will allow LLM-driven evaluations, only provide API keys you trust and consider using scoped/test keys. (5) Note the scanner flagged a system-prompt-override pattern — this is expected for directive-rich instruction files but warrants a quick manual read to ensure no unexpected autonomous behavior is being enforced. If you want greater safety, run the skill in an isolated environment or a disposable repo copy.Like a lobster shell, security has layers — review code before you run it.
latestvk97frtqhdgwgybbz7abcs8bqb583acdz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.