ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified system Safety 5/5

consensus-agent-action-guard

Pre-execution governance for high-risk agent actions. Uses persona-weighted consensus to decide ALLOW/BLOCK/REQUIRE_REWRITE before external or irreversible side effects occur, with board-native audit artifacts.

Why use this skill?

Implement robust, multi-persona governance for your AI agents. The consensus-agent-action-guard prevents high-risk, irreversible operations.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/kaicianflone/consensus-agent-action-guard
Or

What This Skill Does

The consensus-agent-action-guard serves as the primary defensive layer for autonomous systems, acting as a mandatory checkpoint before any irreversible or high-stakes operation is executed. Unlike simple rule-based filters, this skill employs a multi-persona weighted consensus engine to evaluate proposed agent actions. It scrutinizes the intent, potential for side effects, and risk profile of every action before allowing it to proceed to the system shell or network boundary.

By returning one of three states—ALLOW, BLOCK, or REQUIRE_REWRITE—it ensures that autonomous agents cannot drift into unauthorized behaviors. The skill integrates directly with your board-native audit trail, ensuring that every decision is logged with the corresponding persona weightings. This creates an immutable record of why an action was permitted or stopped, which is essential for compliance and post-mortem analysis.

Installation

To integrate this safety gate into your workflow, use the standard ClawHub CLI to pull the package from the official source repository. Ensure your environment has node and tsx installed to support the runtime binary requirements.

Command: clawhub install openclaw/skills/skills/kaicianflone/consensus-agent-action-guard

Once installed, the skill resides within your agent's dependency tree, utilizing consensus-guard-core to maintain architectural consistency across your other security modules. No external credentials are required, as the skill operates entirely within the scope of your board's local filesystem artifacts.

Use Cases

  1. Destructive File Operations: Prevent agents from executing rm -rf or other mass-deletion commands without explicit consensus from multiple, specialized, pre-configured personas.
  2. External Messaging: Guard communication tools so that an agent cannot post to public channels or send emails without reaching a predefined 'human-in-the-loop' or 'senior-agent' consensus threshold.
  3. Network Configuration: Protect critical system infrastructure by requiring a high-trust score for any tool call attempting to modify proxy settings, firewall rules, or DNS entries.
  4. Financial Transactions: Gate API calls involving fund transfers or wallet interactions to ensure that even if an agent is compromised, it cannot execute high-value movements without multi-signature approval logic.

Example Prompts

  1. "Guard the execution of this script: verify the file path /etc/production-config and ensure no deletion flags are present before allowing execution."
  2. "Before I push these changes to the production branch, run the consensus-agent-action-guard to check if my persona weights are satisfied."
  3. "Evaluate the pending proposal to update external messaging; if the risk profile is above 0.7, trigger a REQUIRE_REWRITE and ask the agent to justify the content."

Tips & Limitations

  • Persona Management: The effectiveness of this skill is directly tied to the quality of your persona sets. Define diverse personas to avoid echo-chamber logic.
  • Performance: While the evaluation is deterministic and local, heavy usage of deep-chain consensus in a tight loop may introduce minor latency. Batch your critical action requests where possible.
  • Scope: Note that this skill does not monitor the internal thought process of the agent; it monitors the 'tool-call' contract boundary. Ensure that your agent is configured to pass all relevant context to the invoke entrypoint for accurate risk assessment.
  • Modes: Use external_agent mode when integrating human-in-the-loop signals to ensure your human team has the final say in the consensus calculation.
Read Full Documentation on GitHub

Metadata

Author@kaicianflone
Stars1776
Views2
Updated2026-03-02
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-kaicianflone-consensus-agent-action-guard": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#governance#security#consensus#safety#automation
Safety Score: 5/5

Flags: file-write, code-execution

Related Skills

consensus-persona-generator

Generate and persist reusable persona panels (persona_set artifacts) for consensus decision workflows. This skill initializes evaluator diversity for downstream guards; ongoing reputation updates are owned by consensus-persona-engine.

kaicianflone 1776

Consensus Interact

Skill by kaicianflone

kaicianflone 1776

consensus-send-email-guard

Persona-weighted pre-send email governance for AI systems. Produces APPROVE/BLOCK/REWRITE decisions, writes decision artifacts to the board ledger, updates persona reputation over time, and returns strict machine-parseable JSON.

kaicianflone 1776

consensus-publish-guard

Persona-weighted governance for outbound publishing (blog, social, announcements). Prevents unsafe public claims via hard-block checks, weighted consensus, rewrite paths, and board-native audit artifacts.

kaicianflone 1776

consensus-persona-respawn

Ledger-informed persona lifecycle management. Replaces low-performing personas with successor personas derived from mistake patterns in board decision history, preserving adaptive governance over long-running automation. Reputation updates are computed by consensus-persona-engine.

kaicianflone 1776