ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

consensus-persona-respawn

v1.1.13

Ledger-informed persona lifecycle management. Replaces low-performing personas with successor personas derived from mistake patterns in board decision histor...

0· 520·0 current·0 all-time
byKai Cianflone@kaicianflone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (persona respawn from ledger history) align with required binaries (node, tsx), the npm package install, and the code which reads/writes board artifacts under a configured consensus state path. Required env vars (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) are coherent with a filesystem-backed state store.
Instruction Scope
SKILL.md and run.js/index.mjs limit runtime actions to reading the configured consensus state and writing persona_respawn/persona_set artifacts. There are no unexpected network calls, credential reads, or instructions to access unrelated system files.
Install Mechanism
Install uses a published npm package (consensus-persona-respawn) and depends on consensus-guard-core and tsx; this is an expected and traceable mechanism. No downloads from arbitrary URLs or extract-from-URL steps are present.
Credentials
The skill declares only state-path environment variables (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) and no secret tokens. The code itself calls resolveStatePath(opts) rather than reading process.env directly, but requiring state-path env vars is proportionate to a filesystem-backed ledger.
Persistence & Privilege
The skill is not always-on (always:false), does not request system-wide privileges, and only writes artifacts under the configured consensus state path. It does not modify other skills' configs.
Assessment
This skill appears internally consistent for local, ledger-backed persona maintenance. Before installing: (1) confirm CONSENSUS_STATE_FILE / CONSENSUS_STATE_ROOT point to the intended state JSON (or supply statePath in opts) so artifact writes go to the right place; (2) review the behavior of consensus-guard-core/writeArtifact in your environment to ensure artifact writes are acceptable; (3) run the included tests in a disposable environment to verify expected behavior; (4) note that the package has no external credential or network requirements in shipped logic, but you should still pin dependencies and review upstream packages if you plan to run this in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b5k4xcvy724bg5c1h5ddz258253kj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, tsx
EnvCONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT

Install

Nodenpm i -g consensus-persona-respawn

Comments