consensus-interact
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent consensus.tools workflow helper, with disclosed risks around installing an external plugin, using optional hosted-board credentials, and changing consensus-board state.
This skill appears reasonable for its stated purpose. Before installing, verify the npm/OpenClaw package source and version, keep hosted-board tokens scoped, leave network side effects disabled unless you intend remote mutations, avoid putting sensitive data into shared or hosted boards, and review important consensus results before acting on them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the plugin hands runtime behavior to an external package, so a compromised or unexpected package version could affect the agent environment.
The skill relies on installing an external npm/OpenClaw package that is not bundled in the artifact set and is not version-pinned in the install instructions. This is disclosed and central to the purpose.
npm i @consensus-tools/consensus-tools; openclaw plugins install @consensus-tools/consensus-tools
Install only from the expected package/source, pin or review the version where possible, and verify the package before enabling it in sensitive environments.
If enabled, the agent can affect consensus workflows, including votes, outcomes, and local credit/reward accounting.
The plugin tools can create jobs, submit artifacts, cast votes, and resolve results, which mutate local or hosted consensus board state. The artifacts disclose these side effects and describe opt-in safety controls.
`consensus-tools_post_job` ... `consensus-tools_submit` ... `consensus-tools_vote` ... Side-effect tools are optional by default
Keep side-effect tools opt-in, review job/vote/resolve actions for high-stakes boards, and enable hosted mutations only when intended.
A configured hosted-board token could let the agent read or change remote consensus jobs according to that token's permissions.
Hosted/global mode may use an API key or access token for board access. This credential use is optional and documented, but it grants delegated authority over the hosted board.
"optionalEnvVars": ["CONSENSUS_MODE", "CONSENSUS_URL", "CONSENSUS_BOARD_ID", "CONSENSUS_API_KEY"]
Use scoped tokens, avoid exposing tokens in prompts or shared logs, and rotate/revoke hosted-board credentials if they may have been disclosed.
A flawed consensus result could be carried into later tasks or self-improvement workflows as if it were authoritative.
The skill directs agents to reuse consensus results as trusted context. That is purpose-aligned, but bad or adversarial submissions/votes could influence downstream decisions if results are over-trusted.
Fetch the result and use it as the trusted output.
Treat consensus outputs as decision aids for important actions, preserve provenance, and require human review for high-impact or adversarial inputs.
