consensus-guard-core
v1.1.13Open-source Consensus.Tools skill for governed AI decisions with board-native artifacts, strict JSON contracts, and deterministic policy behavior.
⭐ 0· 463·1 current·1 all-time
byKai Cianflone@kaicianflone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (policy primitives for consensus guards) align with the code and SKILL.md: deterministic vote aggregation, reputation updates, idempotency, schema helpers, and board state helpers. The package depends on @consensus-tools/consensus-tools which matches its role as part of a consensus stack. Minor inconsistency: SKILL.md lists runtime binaries ('node', 'tsx') and env vars used for state paths while the registry metadata claims no required binaries/env vars.
Instruction Scope
Runtime instructions and code stay within the stated scope: no model/provider calls, no outbound network in the core, and filesystem writes only occur when callers invoke write helpers. The resolveStatePath implementation confines state files under a configured root, preventing directory traversal. The code does import internal storage/engine helpers from @consensus-tools/consensus-tools, which is expected for tight integration but couples this package to that dependency's internal layout.
Install Mechanism
There is no platform install spec (instruction-only), but the SKILL.md and package.json show normal npm usage (npm i consensus-guard-core). The code and package-lock are included in the bundle; dependencies are semver-pinned. No external download URLs or unusual installers are used. Consumers should still audit transitive dependencies (e.g., optional native deps like better-sqlite3 in the dependency tree).
Credentials
No API credentials are requested and none appear in code. The package reads two environment variables for configuration (CONSENSUS_STATE_FILE and CONSENSUS_STATE_ROOT) but these are optional and default to safe values; the registry metadata did not declare them as required, which is a metadata mismatch but not a privilege escalation. No secrets/external tokens are requested or accessed.
Persistence & Privilege
The skill writes artifacts to local board/state files when callers call write helpers. The state path resolution enforces confinement under a configurable root and hashes absolute paths into an _abs directory, reducing risk of writing to arbitrary system locations. The skill does not request permanent 'always' inclusion and does not modify other skills' configurations.
Assessment
This package appears to do what it claims: local deterministic policy primitives that read/write a configurable state directory and require no API keys or network. Before installing, confirm: 1) you are comfortable giving it a dedicated state directory (set CONSENSUS_STATE_ROOT to a non-privileged folder), 2) you or your supply-chain process audit the @consensus-tools/consensus-tools dependency and other transitive packages (native optional deps like better-sqlite3 may be pulled in by consumers), and 3) consumers import the stable package API (not fragile internal paths). The only noteworthy inconsistencies are metadata vs SKILL.md (runtime binaries and optional env vars) and the library’s direct imports of internal files from @consensus-tools — these are maintainability/supply-chain risks, not indicators of malicious behavior. Run npm test in an isolated environment and review the dependency tree if you require higher assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk97c4w6d46szmbnzhyrbt1jrkn8242r7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.