Agent Lens

Advisory

Audited by Static analysis on May 12, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package may run or depend on code that was not part of this review, and future repository changes could affect what gets installed.

Why it was flagged

The documented installation pulls executable package code directly from a GitHub repository without a pinned commit or included package contents in the reviewed artifacts.

Skill content

pip install git+https://github.com/lrg913427-dot/agent-lens.git

Recommendation

Install only if you trust the repository, preferably in a virtual environment, and consider pinning a specific commit or reviewing the package code before use.

What this means

The local database may reveal which models were used, call volumes, token counts, costs, latency, and other tracked call details to anyone with access to the user's files.

Why it was flagged

The skill intentionally stores persistent local traces of AI API activity, which is expected for cost monitoring but can retain potentially sensitive usage patterns.

Skill content

Track every AI API call... SQLite at `~/.agent-lens/traces.db`. Fully local, no cloud service needed.

Recommendation

Review what the installed package records, protect the local database with normal file permissions, and use the documented clean/export commands to manage retained data.