Chain of Consciousness
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent provenance-logging skill, but users should understand that it installs an external Python package, runs its CLI, and may persist task details in local audit logs.
This skill appears purpose-aligned and disclosed. Before installing, review or pin the external PyPI package, use it in an appropriate workspace, and avoid logging secrets or sensitive personal details in audit entries.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the current PyPI package and any future version resolved by pip.
The core functionality depends on an external PyPI package, and the instruction does not pin a version or include the package code for review.
The `chain-of-consciousness` Python package must be installed. If not available, install it: ```bash pip install chain-of-consciousness ```
Review the PyPI package and consider pinning a known-good version before installation in sensitive environments.
The agent may run `coc` commands that write audit files in the working directory.
The skill is instruction-only but expects the agent to run a locally installed CLI to create, update, verify, and export chain files.
Executes the `coc` CLI tool via subprocess (installed via pip)
Use it in a project directory where local audit-file creation is acceptable, and avoid granting broader shell authority than needed.
Personal or sensitive task details could remain in local chain files and later be exported or shared if the user asks for that.
The audit trail can persist task context and learned information, and examples include user preferences and schedule details.
Use it to maintain an auditable record of your work — what you learned, what you decided, and what you created.
Avoid logging secrets or unnecessary personal data, and review chain contents before exporting or sharing them.
Using anchoring may reveal that a particular chain hash existed at a time, though the visible instructions do not send the full audit log.
The optional anchoring flow contacts third-party timestamp services, apparently with a chain hash rather than the full chain contents.
Optional anchoring connects to OpenTimestamps calendar servers and/or RFC 3161 TSA endpoints.
Only use external anchoring when third-party timestamping is desired, and avoid assuming it is fully private metadata.