consensus-permission-escalation-guard
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a clearly described local policy gate for permission-escalation requests, with noteworthy but disclosed state-file, dependency, and decision-authority considerations.
Before installing, confirm that the state path is dedicated and non-privileged, dependencies are pinned and reviewed, and any workflow using an ALLOW result still applies your organization’s approval rules for sensitive permission changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to an automation pipeline, its decisions could influence whether higher privileges are granted.
The skill's output may be used by other workflows before permission escalation, so an ALLOW result can have high operational importance even though this package does not itself mutate IAM.
`consensus-permission-escalation-guard` is the final safety gate before privilege elevation is applied.
Use it as a governance signal with clear downstream approval rules, especially for production or permanent privilege changes.
A dependency update could affect aggregation, state, or artifact behavior in a security-sensitive policy gate.
The package relies on an external helper dependency for shared guard behavior, and the semver range may allow newer dependency versions unless the installer pins or uses the lockfile.
"consensus-guard-core": "^1.1.15"
Pin dependencies in production and review consensus-guard-core alongside this package, as the maintainer also recommends.
Stored decision artifacts could contain subjects, resources, tickets, justifications, and requested permissions.
The skill persistently writes audit/state artifacts, which is expected for replay and idempotency but may preserve permission-request details across runs.
filesystem writes: consensus board/state artifacts under configured state path
Point CONSENSUS_STATE_ROOT and CONSENSUS_STATE_FILE at a dedicated, access-controlled location and define retention expectations.
Untrusted or spoofed vote inputs could influence a REQUIRE_REWRITE, BLOCK, or ALLOW decision if the caller accepts them unchecked.
External-agent vote inputs are an intended mode and can influence aggregation; the artifacts describe schema validation but not independent origin verification for those votes.
mode="external_agent": consume `external_votes[]`, then aggregate and enforce policy deterministically
Only pass external_votes from authenticated, trusted sources and keep provenance/audit metadata with each vote.