Agent Lens
PassAudited by ClawScan on May 11, 2026.
Overview
Agent Lens is a coherent local cost-monitoring skill, but users should notice that it asks them to install an unreviewed GitHub package and stores API-usage traces locally.
This skill appears benign and purpose-aligned for LLM cost tracking. Before installing, review or pin the GitHub package because its code was not provided in the scan, and remember that usage traces are stored locally at ~/.agent-lens/traces.db until cleaned.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package means trusting code from that GitHub repository; this is normal for a Python tool but was not inspected in the provided artifacts.
The skill directs users to install an external GitHub package, while the provided artifact set contains only SKILL.md and no package code or lockfile to review.
pip install git+https://github.com/lrg913427-dot/agent-lens.git
Review the repository before installing, prefer a tagged release or pinned commit, and install in a virtual environment.
The local database may reveal model usage, costs, timings, and other operational patterns until it is deleted or cleaned.
The skill persists API usage traces locally so it can generate historical cost and usage reports.
SQLite at `~/.agent-lens/traces.db`. Fully local, no cloud service needed.
Protect the local database, periodically run the documented cleanup command if retention is not needed, and verify what fields are recorded before using it on sensitive workloads.