← Back to Skills Marketplace
kaicianflone

consensus-permission-escalation-guard

by Kai Cianflone · GitHub ↗ · v0.1.13
cross-platform ⚠ suspicious
539
Downloads
0
Stars
0
Active Installs
13
Versions
Install in OpenClaw
/install consensus-permission-escalation-guard
Description
Pre-execution governance for IAM and permission escalation changes. Use when an agent or workflow proposes granting, expanding, or assuming higher privileges...
README (SKILL.md)

consensus-permission-escalation-guard

consensus-permission-escalation-guard is the final safety gate before privilege elevation is applied.

What this skill does

  • validates escalation requests against a strict input schema (reject unknown fields)
  • evaluates hard-block and rewrite policy flags for IAM risk patterns
  • runs persona-weighted voting (or aggregates external votes)
  • returns one of: ALLOW | BLOCK | REQUIRE_REWRITE
  • writes decision artifacts for replay/audit

Decision policy shape

Hard-block examples:

  • wildcard permissions (*, : *, broad owner/admin jumps)
  • missing ticket reference when required
  • break-glass escalation without incident reference
  • separation-of-duties conflicts (e.g., create + approve authority)

Rewrite examples:

  • weak or non-actionable justification
  • temporary duration exceeds policy limit
  • production escalation requires explicit human confirmation gate

Runtime and safety model

  • runtime binaries: node, tsx
  • network behavior: none in deterministic guard logic
  • environment config read by this package: CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT
  • filesystem writes: consensus board/state artifacts under configured state path

Invoke contract

  • invoke(input, opts?) -> Promise\x3COutputJson | ErrorJson>

Modes:

  • mode="persona" (default): uses local deterministic persona defaults for internal voting
  • mode="external_agent": consume external_votes[], then aggregate and enforce policy deterministically

Install

npm i consensus-permission-escalation-guard

Quick start

node --import tsx run.js --input ./examples/input.json

Tests

npm test

Test coverage includes schema rejection, hard-block paths, rewrite paths, allow paths, idempotent retries, and external-agent aggregation behavior.

Note: this skill depends on consensus-guard-core for aggregation/state helpers; review that package alongside this one for full runtime auditability.

See also: SECURITY-ASSURANCE.md for threat model, runtime boundaries, and deployment hardening guidance.

Usage Guidance
This package appears to do what it says: a local, deterministic policy gate that validates escalation requests and writes audit artifacts. Before installing or enabling it in a production agent, do the following: (1) inspect and pin the consensus-guard-core dependency (review its code for any network or credential usage), (2) verify the npm package and lockfile integrity (and prefer installing from your own vetted artifact repository), (3) set CONSENSUS_STATE_ROOT/CONSENSUS_STATE_FILE to a dedicated, non-privileged directory (do not point them at system or secrets directories), (4) run the included tests in an isolated environment, and (5) note the minor metadata mismatch claiming creation of a 'node' binary — confirm your install process does not attempt to alter runtime binaries. If you need higher assurance, ask for the full contents of consensus-guard-core and a dependency supply-chain audit.
Capability Analysis
Type: OpenClaw Skill Name: consensus-permission-escalation-guard Version: 0.1.13 The skill is designed as a security governance gate, performing robust input validation and explicitly declaring no network calls. However, it requires and performs file writes to paths defined by environment variables (`CONSENSUS_STATE_FILE`, `CONSENSUS_STATE_ROOT`) via `src/index.mjs` and its `consensus-guard-core` dependency. While `SECURITY-ASSURANCE.md` and `README.md` strongly warn against pointing these to sensitive directories, this capability represents a significant configuration vulnerability if misconfigured by the agent or user, potentially leading to unauthorized file modification or data exposure. Additionally, the `package-lock.json` reveals a deprecated `prebuild-install` as an optional transitive dependency, which introduces a supply chain risk.
Capability Assessment
Purpose & Capability
Name/description match the code and files: the package validates escalation inputs, computes hard-block/rewrite flags, aggregates persona/external votes, and emits ALLOW/BLOCK/REQUIRE_REWRITE. Required binaries (node, tsx) and state-path env vars (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) are appropriate for a local Node-based guard that writes board/state artifacts.
Instruction Scope
SKILL.md and run.js limit behavior to local schema validation, deterministic policy evaluation, and filesystem artifact writes under the configured state path. The runtime explicitly documents no outbound network calls in guard logic and the code enforces input-file constraints (only .json inside CWD). Instructions do reference external_votes mode but require the caller to supply that data.
Install Mechanism
Installation is via npm (reasonable for a Node package). However the registry install metadata claims the package 'creates binaries: node, tsx' — creating the 'node' binary is not realistic for an npm package and appears to be a metadata mismatch. The package depends on consensus-guard-core and common JS deps; review and pin those dependencies. Overall install risk is moderate (typical for npm packages), not a direct red flag, but verify the npm package and lockfile before installing in production.
Credentials
Only two env vars are required (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) which are appropriate for configuring where decision artifacts are written. No API keys or unrelated credentials are requested. Caveat: because the package writes artifacts, misconfiguring CONSENSUS_STATE_ROOT to point at sensitive directories would be risky — the skill's docs explicitly advise using a dedicated non-privileged directory.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It persists decision artifacts under the configured state path only. Ensure the state path is constrained and the process runs as a non-root user to limit blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install consensus-permission-escalation-guard
  3. After installation, invoke the skill by name or use /consensus-permission-escalation-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.13
Bumped consensus-guard-core dependency to ^1.1.15 and rolled forward release.
v0.1.12
Added explicit requires/env/install SKILL metadata for registry scanner parity.
v0.1.11
Declared required state env vars in package config and README for scanner clarity.
v0.1.10
Updated to consensus-guard-core ^1.1.13 with package-root import contract and compatibility fixes.
v0.1.9
Aligned metadata strategy, added SECURITY-ASSURANCE.md, and hardened demo input-path handling.
v0.1.8
Bumped consensus-guard-core dependency to ^1.1.11 and rolled forward release.
v0.1.7
Bumped consensus-guard-core dependency to ^1.1.10 and released patch version.
v0.1.6
Bumped semver deps (consensus-guard-core 1.1.5 / consensus-tools 0.1.8) and version.
v0.1.5
Switched consensus-guard-core dependency from local file path to npm version.
v0.1.4
Clarified install/runtime metadata and explicit local consensus-guard-core dependency source.
v0.1.3
Decoupled guard/provider path; deterministic contract updates.
v0.1.2
Docs portability fix: remove hardcoded repo cd from quick-start; keep guard behavior unchanged.
v0.1.1
Initial release: permission escalation guard with strict schema validation, policy flags, idempotency, board artifacts, and vector-driven tests.
Metadata
Slug consensus-permission-escalation-guard
Version 0.1.13
License
All-time Installs 0
Active Installs 0
Total Versions 13
Frequently Asked Questions

What is consensus-permission-escalation-guard?

Pre-execution governance for IAM and permission escalation changes. Use when an agent or workflow proposes granting, expanding, or assuming higher privileges... It is an AI Agent Skill for Claude Code / OpenClaw, with 539 downloads so far.

How do I install consensus-permission-escalation-guard?

Run "/install consensus-permission-escalation-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is consensus-permission-escalation-guard free?

Yes, consensus-permission-escalation-guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does consensus-permission-escalation-guard support?

consensus-permission-escalation-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created consensus-permission-escalation-guard?

It is built and maintained by Kai Cianflone (@kaicianflone); the current version is v0.1.13.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments