Agent Lens
PassAudited by ClawScan on May 12, 2026.
Overview
This looks like a legitimate local cost-tracking skill, with the main caveats that it installs code from GitHub and keeps a local usage database.
Before installing, confirm you trust the GitHub package and consider pinning or reviewing it. If you use the tool, remember that it keeps a local database of AI API activity, so manage retention and file access appropriately.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package may run or depend on code that was not part of this review, and future repository changes could affect what gets installed.
The documented installation pulls executable package code directly from a GitHub repository without a pinned commit or included package contents in the reviewed artifacts.
pip install git+https://github.com/lrg913427-dot/agent-lens.git
Install only if you trust the repository, preferably in a virtual environment, and consider pinning a specific commit or reviewing the package code before use.
The local database may reveal which models were used, call volumes, token counts, costs, latency, and other tracked call details to anyone with access to the user's files.
The skill intentionally stores persistent local traces of AI API activity, which is expected for cost monitoring but can retain potentially sensitive usage patterns.
Track every AI API call... SQLite at `~/.agent-lens/traces.db`. Fully local, no cloud service needed.
Review what the installed package records, protect the local database with normal file permissions, and use the documented clean/export commands to manage retained data.