Timestamp
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—create OpenTimestamps proofs for files—but users should notice the external CLI dependency, local proof/archive file writes, and the memory/profile files selected by the auto script.
Before installing, be comfortable installing the OpenTimestamps client, writing .ots and .ots-archive files into your workspace, and sending file hashes to calendar servers. Inspect the auto-memory file list, especially USER.md, and remember that a timestamp proves when bytes existed, not that the file contents are true.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You must install and trust the OpenTimestamps client for the scripts to work.
The skill depends on an external Python package/CLI, while the registry metadata lists no install spec or required binaries. This is expected for OpenTimestamps, but users should know what they are installing.
pip3 install opentimestamps-client
Install the package from a trusted Python environment and consider pinning or reviewing the version you use.
Running the stamping script will create, replace, or move .ots proof files in your workspace.
The script invokes an external CLI on selected files and moves existing proof files into an archive. That is aligned with timestamping, but it does mutate local proof artifacts.
if $OTS stamp "$file" 2>&1; then ... mv "$ots_file" "$archive_dir/$timestamp.ots"
Run it only on files you intend to timestamp, and decide whether .ots files or .ots-archive should be committed or kept local.
If you run the auto script, it may create timestamp proofs for private agent memory or profile files, revealing timing/linkage information even though file contents are not uploaded by these scripts.
The auto script targets persistent memory, instruction, and profile-style files. SKILL.md highlights MEMORY.md, SOUL.md, AGENTS.md, and memory/*.md, while the code also includes USER.md.
for f in MEMORY.md SOUL.md AGENTS.md USER.md; do ... memory/*.md
Review the target list before running the auto script, remove USER.md if unwanted, and avoid sharing proof archives if file existence or change timing is sensitive.
A user or agent could over-trust timestamped memory as correct rather than merely time-proven.
The wording strongly frames timestamped files as truth. OpenTimestamps can prove a byte sequence existed by a time, but it does not prove the contents are accurate, safe, or authoritative.
The blockchain is the authority, and the blockchain doesn't lie.
Treat proofs as evidence of existence and timing only; still review the content itself before relying on it.