Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawlens
v1.0.5
What do you use Claw for most? Where do you get stuck? Clawlens analyzes your conversation history to surface usage patterns, friction points, and skill effe...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The skill claims to analyze conversation history and surface usage patterns and friction points; the code and SKILL.md access session files, the skills directory, and OpenClaw model config/auth profiles, and call an LLM for analysis, all of which is coherent with that purpose.
Instruction Scope
The runtime instructions and script read ~/.openclaw/agents/{agentId}/sessions/*.jsonl and ~/.openclaw/agents/{agentId}/agent/auth-profiles.json and send conversation summaries to an LLM provider. Reading transcripts is required for analysis, and reading auth-profiles.json is used to auto-detect and use the configured provider key. This is expected, but it is sensitive: transcripts and possibly API keys will be used to make external LLM calls. The SKILL.md also instructs the agent to prompt the user before using the auto-detected model, which mitigates surprise but requires that the agent implement that confirmation step correctly.
Install Mechanism
There is no install spec (no external downloads). The skill is a Python script that depends on litellm and markdown packages per SKILL.md. Running the script requires Python and those libraries to be present; nothing in the repository pulls code from untrusted URLs or performs opaque installs.
Credentials
Registry metadata lists no required env vars, while SKILL.md documents optional provider API keys (DEEPSEEK_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY) when the user explicitly requests a manual model. The script also auto-reads auth-profiles.json to obtain stored API tokens for auto-detect — this is proportionate to the feature but is sensitive because it exposes stored provider credentials to the running script.
Persistence & Privilege
The always field is false, and the skill writes only a cache folder under the agent's sessions directory (.clawlens-cache). It does not request permanent inclusion or modify other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal for skills; weigh this together with the sensitive reads above if you plan to let it run without prompting.
Assessment
This skill legitimately needs to read your OpenClaw session logs and (with your permission) use your configured LLM provider to analyze them. Before installing or running it:
1) Review and confirm that the script will prompt you before using the auto-detected model (SKILL.md requires asking the user).
2) Understand that session transcripts will be sent to the chosen LLM provider — if you care about privacy, use a provider and API key you trust, or run with a dedicated key with limited scope.
3) If you prefer more control, run the script locally with --model and an explicit API key you provide at runtime rather than letting it auto-read auth-profiles.json.
4) Inspect scripts/clawlens.py yourself (or run it in an isolated environment) if you are concerned about accidental exfiltration.
5) Note the minor metadata mismatch: the registry lists no required env vars while SKILL.md documents optional provider keys — this is not a functional problem, but it is worth being aware of.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975h13h8wjdr1y25k9cc6g4zd83qbb3
