ClawHub

Consensus Publish Guard

v1.1.17

Persona-weighted governance for outbound publishing (blog, social, announcements). Prevents unsafe public claims via hard-block checks, weighted consensus, r...

0· 401·0 current·0 all-time
byKai Cianflone@kaicianflone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (persona-weighted publish guard) match the code and declared requirements: Node/tsx runtime, an npm package install, and two state-related env vars for the consensus state path. The package depends on consensus-guard-core for board operations which is expected for this role.
Instruction Scope
SKILL.md and code show a purely local decision path that reads an input JSON, computes votes/aggregation, and writes audit artifacts to a configured state path. The logic does not access unrelated system paths or request unrelated credentials. Caveat: board operations are delegated to consensus-guard-core (not included here), so its exact I/O/network behavior should be audited to fully confirm the 'no network calls' claim.
Install Mechanism
Install is via npm (consensus-publish-guard) which is normal for a Node skill. package-lock.json is present. This is moderate-risk compared to instruction-only skills because installing pulls code from the npm registry (including consensus-guard-core). No arbitrary remote download URLs, extract-from-URL, or obscure hosts were used.
Credentials
The only required env vars are CONSENSUS_STATE_FILE and CONSENSUS_STATE_ROOT, which match the stated need to locate/persist board state artifacts. No unrelated secrets (AWS keys, tokens, etc.) are requested.
Persistence & Privilege
always:false (no forced global presence). The skill writes its own decision/artifact files under the configured state path and creates output files (./out) when run via run.js. It does not request system-wide privilege changes or modify other skills' configs.
Assessment
This skill appears to do what it says: a local, deterministic publish guard that writes audit artifacts to a configured state path. Before installing, verify the consensus-guard-core dependency (it performs board reads/writes and may introduce additional I/O or network behavior), ensure CONSENSUS_STATE_FILE/CONSENSUS_STATE_ROOT point to a directory where you permit writes and that no sensitive secrets are stored there, and run the included tests (npm test / demo) in a sandbox. If you need absolute assurance of 'no network calls', inspect or vendor-lock the consensus-guard-core package source or run the guard in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk974vp9pt2s06qs6jw14s2ry4182mxks

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, tsx
EnvCONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT

Install

Nodenpm i -g consensus-publish-guard

Comments