consensus-guard-core
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: consensus-guard-core Version: 1.1.13 The skill bundle is classified as benign. It provides core policy primitives for a 'Consensus' ecosystem, explicitly stating its purpose to manage state and artifacts locally. The `SKILL.md` and `SECURITY-ASSURANCE.md` are transparent about filesystem writes and the absence of network calls in core logic. Crucially, `src/state-path.mjs` includes robust path sanitization and confinement logic, explicitly tested in `tests/core.test.mjs`, to prevent path traversal. Furthermore, `security-policy.json` and its enforcement script (`scripts/ci/check-security-policy.mjs`) actively forbid runtime dependencies on LLM provider SDKs, reinforcing the skill's 'primitives-only' nature and preventing unauthorized external API calls. There is no evidence of intentional malicious behavior, prompt injection, or exploitation attempts.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If another skill or workflow calls these helpers, it can add durable governance decisions or artifacts that later workflows may trust.
The exported helper can create, submit, and resolve local board artifact jobs using caller-provided board/type/payload values. This is core to the stated purpose, but it is mutation authority over consensus board state.
export async function writeArtifact(boardId, type, payload, statePath) { ... engine.postJob('orchestrator@local', ...); ... engine.submitJob(...); await engine.resolveJob(...);Use these helpers only in workflows that intentionally write consensus state, and keep human approval or workflow-level policy around decision writes where the downstream impact is important.
Future installs may resolve compatible newer dependency versions, which could change behavior if dependencies update.
Installation relies on npm dependencies with semver range specifiers. This is normal for a Node package, but users who require deterministic installs should pin and audit these dependencies rather than relying only on the package claim of reproducibility.
"dependencies": { "@consensus-tools/consensus-tools": "^0.2.0", "tsx": "^4.20.3" }Install from a trusted source, use a lockfile or exact dependency pins in production, and audit transitive dependencies periodically.
A bad or unintended board artifact could influence later consensus decisions that read the cached or persisted state.
The package indexes and caches persisted board artifacts such as policies, persona sets, and decisions for later reuse. That is purpose-aligned, but persistent governance context can be over-trusted if the state directory is writable by untrusted workflows.
const idx = { latest_by_type:{}, persona_by_id:{}, idempotency:{} }; ... idx.latest_by_type[art.type] = art.payload; ... cache.set(k, idx);Store consensus state in a dedicated directory with appropriate permissions, and treat board artifacts as trusted only when their write path is controlled.