consensus-guard-core
Pass
Audited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent local consensus-policy library with disclosed board-state read/write behavior and npm dependencies, but no evidence of hidden credentials, network exfiltration, or destructive actions.
Before installing, confirm that you trust the npm package source and dependencies, run it with a dedicated non-privileged consensus state directory, and only allow workflows you trust to call writeArtifact or writeDecision because those records may influence later governed decisions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If another skill or workflow calls these helpers, it can add durable governance decisions or artifacts that later workflows may trust.
The exported helper can create, submit, and resolve local board artifact jobs using caller-provided board/type/payload values. This is core to the stated purpose, but it is mutation authority over consensus board state.
export async function writeArtifact(boardId, type, payload, statePath) { ... engine.postJob('orchestrator@local', ...); ... engine.submitJob(...); await engine.resolveJob(...);

Use these helpers only in workflows that intentionally write consensus state, and keep human approval or workflow-level policy around decision writes where the downstream impact is important.
Future installs may resolve newer dependency versions that satisfy the declared ranges, which could change behavior.
Installation relies on npm dependencies with semver range specifiers. This is normal for a Node package, but users who require deterministic installs should pin and audit these dependencies rather than relying only on the package claim of reproducibility.
"dependencies": { "@consensus-tools/consensus-tools": "^0.2.0", "tsx": "^4.20.3" }

Install from a trusted source, use a lockfile or exact dependency pins in production, and audit transitive dependencies periodically.
A bad or unintended board artifact could influence later consensus decisions that read the cached or persisted state.
The package indexes and caches persisted board artifacts such as policies, persona sets, and decisions for later reuse. That is purpose-aligned, but persistent governance context can be over-trusted if the state directory is writable by untrusted workflows.
const idx = { latest_by_type:{}, persona_by_id:{}, idempotency:{} }; ... idx.latest_by_type[art.type] = art.payload; ... cache.set(k, idx);

Store consensus state in a dedicated directory with appropriate permissions, and treat board artifacts as trusted only when their write path is controlled.
