Agent Lens
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-lens Version: 2.3.0 The agent-lens skill is a utility designed to track LLM API usage, token consumption, and costs locally using a SQLite database (~/.agent-lens/traces.db). The documentation in SKILL.md describes standard monitoring functionality including decorators, context managers, and CLI commands for reporting. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the tool's behavior is consistent with its stated purpose of cost optimization and observability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package may run or depend on code that was not part of this review, and future repository changes could affect what gets installed.
The documented installation pulls executable package code directly from a GitHub repository without a pinned commit or included package contents in the reviewed artifacts.
pip install git+https://github.com/lrg913427-dot/agent-lens.git
Install only if you trust the repository, preferably in a virtual environment, and consider pinning a specific commit or reviewing the package code before use.
The local database may reveal which models were used, call volumes, token counts, costs, latency, and other tracked call details to anyone with access to the user's files.
The skill intentionally stores persistent local traces of AI API activity, which is expected for cost monitoring but can retain potentially sensitive usage patterns.
Track every AI API call... SQLite at `~/.agent-lens/traces.db`. Fully local, no cloud service needed.
Review what the installed package records, protect the local database with normal file permissions, and use the documented clean/export commands to manage retained data.