Downloads: 668 | Stars: 0 | Active Installs: 1 | Versions: 10
Install in OpenClaw
/install quorum
Description
Multi-agent validation framework — 6 independent AI critics evaluate artifacts against rubrics with evidence-grounded findings.
Usage Guidance
Summary of what to check and how to reduce risk before installing or running this skill:
1) Audit the repo and dependencies first: do a manual git clone and inspect requirements.txt, CLI entry points, and any setup/install scripts before running pip install. Consider installing into an isolated virtualenv or disposable container/VM.
2) Review prompts and agent templates: the package includes many prompt files; search for phrases like 'ignore previous' or 'system prompt' and confirm they are used only internally and not sent to models in ways that would elevate privileges or leak secrets.
3) Limit API key exposure: provide only the provider key(s) you intend to use (Anthropic or OpenAI), and use scoped/ephemeral keys where possible. Treat these keys as sensitive — the tool will send artifact contents to those model endpoints.
4) Control automatic edits: the Fixer component can apply proposed fixes. Before running, check configuration options (or run in a 'dry-run' / --no-fixer mode) so the tool does not modify source files without explicit approval.
5) Sandbox runs when validating sensitive artifacts: the tool will run local linters, may invoke shell commands, and will call LLM APIs (network traffic). Run the tool on non-sensitive examples first and consider network-restricted testing for artifacts containing secrets.
6) Inspect prescreen/outputs: Quorum writes prescreen.json, verdict.json, report.md, and known_issues.json — review these outputs for unexpected data collection. Remove or redact secrets from artifacts before validation.
7) If you need stronger assurance: ask the maintainer for a signed release (PyPI release or GitHub release tag), or prefer installing the published PyPI package (quorum-validator) rather than cloning main, after verifying release provenance.
Capability Analysis
Type: OpenClaw Skill
Name: quorum
Version: 0.7.3
The Quorum skill bundle is a comprehensive multi-agent validation framework designed to evaluate code, configurations, and research artifacts against structured rubrics. The implementation is highly professional, featuring a deterministic pre-screen layer (prescreen.py) that uses regex and integrated SAST tools (Ruff, Bandit, DevSkim) to catch common errors, and a multi-phase LLM pipeline (pipeline.py) for semantic analysis. The security critic is grounded in industry standards like OWASP ASVS and CWE. While the tool requires API keys and has broad file-read capabilities, these are strictly aligned with its stated purpose of quality assurance. No evidence of malicious intent, data exfiltration, or adversarial prompt injection was found.
Capability Assessment
Purpose & Capability
The name/description (multi-agent validation) align with the included code and instructions: the repository contains a full Python reference implementation, CLI, rubrics, and prompt templates for multiple critics. Requiring python3/pip is appropriate. However the registry metadata and the SKILL.md are inconsistent about whether this is instruction-only vs. an installable package (SKILL.md includes an install command that clones the repo and pip-installs requirements). Also the skill declares both ANTHROPIC_API_KEY and OPENAI_API_KEY as required; that matches the project's multi-provider support but may be unnecessary if you only intend to use one provider.
Instruction Scope
Runtime instructions include cloning the repo and pip installing requirements (downloads and executes third‑party code), running the CLI which will run deterministic prescreens and then multiple LLM-based critics, and the codebase documents a Fixer agent that 'proposes and applies fixes' (may modify files). The pipeline also references executing shell tools, running linters (Ruff/Bandit/DevSkim/PSScriptAnalyzer), and performing web searches; these are within the claimed purpose but expand the agent's authority to run local commands and network I/O and to modify artifacts — a material permission that should be explicitly controlled by the user.
Install Mechanism
SKILL.md's frontmatter includes an install step that runs 'git clone https://github.com/SharedIntellect/quorum.git /tmp/quorum-install && cd ... && pip install -r requirements.txt'. GitHub is a well-known host, but pip-installing remote requirements will install arbitrary packages and may execute installation hooks. This is a standard but non-trivial install vector and should be audited (inspect requirements.txt and the repository) before running.
Credentials
The skill requests ANTHROPIC_API_KEY and OPENAI_API_KEY. The project supports multiple model providers, so requesting both keys is explainable, but the registry lists both as required even though SKILL.md suggests you can set one provider in config. Requiring multiple high-privilege API keys by default increases exposure; prefer providing only the provider(s) you will actually use and follow least-privilege practices (use separate, scoped accounts where available).
Persistence & Privilege
always:false (good); the skill is user-invocable, and autonomous invocation is allowed (default). The implementation writes run outputs (prescreen.json, verdict.json, report.md) and quorum-config.yaml, and includes an optional Fixer that can apply edits to targets. The ability to modify files and to persist a learning memory (known_issues.json) increases the risk profile, so confirm and control whether automatic edits are enabled and where run artifacts are written.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install quorum
- After installation, invoke the skill by name or use /quorum
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.7.3
fix: pre-existing code quality findings + patch __version__ to 0.7.3
v0.7.2
v0.7.2: TesterCritic wired as Phase 3 (L1 deterministic + L2 LLM), golden test set (40 artifacts + scoring framework), documentation rubric (12 criteria), confidence replaced by coverage counts, docs restructure, self-validation pipeline
v0.5.1
Parallel execution (4x critic speed), Python code rubric (25 criteria), Fixer agent (concrete fix proposals for CRITICAL/HIGH findings).
v0.3.1
Graduation fixes: Finding model (id, category, critic rename), honest pre-screen descriptions, framework coverage expansion (SEC-12/14, CWEs), spec-impl alignment across 12 files. Boundary-checked and pushed to GitHub.
v0.3.0
Pre-screen (10 deterministic checks), Security & Code Hygiene critics (OWASP ASVS, CWE Top 25, ISO 25010, CISQ), cross-artifact consistency (Phase 2), batch validation, Finding model improvements (id, category, critic rename), framework-grounded evaluation. 4 critics shipped, self-validated.
v1.0.4
- Added a LICENSE notice at the end of the documentation, clarifying licensing terms and attribution.
- Remainder of documentation and operational details remain unchanged.
v1.0.3
- Major cleanup: removed 52 files, including all documentation, examples, and the entire reference implementation.
- The skill metadata and overall description remain unchanged.
- No new features or functionality added in this version.
v1.0.2
Fix metadata: declare required env vars, add source URL, explicit git clone install
v1.0.1
test
v1.0.0
Quorum 1.0.0 — Initial release
- Launches a multi-agent validation framework for documents, configs, code, and research artifacts.
- Spawns multiple independent AI critics to evaluate artifacts against rubrics, requiring evidence-based findings.
- Supports built-in rubrics for research synthesis and agent configuration validation.
- Offers quick, standard, and thorough depth profiles for flexible validation time and rigor.
- Provides CLI commands for running checks, listing rubrics, and interactive configuration.
- Output includes structured verdicts and evidence-cited remediation suggestions.
Frequently Asked Questions
What is Sharedintellect Quorum?
Multi-agent validation framework — 6 independent AI critics evaluate artifacts against rubrics with evidence-grounded findings. It is an AI Agent Skill for Claude Code / OpenClaw, with 668 downloads so far.
How do I install Sharedintellect Quorum?
Run "/install quorum" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sharedintellect Quorum free?
Yes, Sharedintellect Quorum is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sharedintellect Quorum support?
Sharedintellect Quorum is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Sharedintellect Quorum?
It is built and maintained by Daniel (@dacervera); the current version is v0.7.3.