Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lens
v1.1.4Use when you need your agent to see the world through your LENS. This skill evolves through the Trinity Nodes to ensure every interaction is an authentic ref...
⭐ 2· 1.3k·1 current·1 all-time
byJoshua Britt@capachow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (a personal 'LENS' that evolves from user interactions) match the actual behavior: scripts read local OpenClaw session logs, build .lens/AXIOM/ETHOS/MODUS, and run distillation/interview jobs. Required binary (node) and required env vars (HOME and OPENCLAW_CRON_LIST) are consistent with these tasks.
Instruction Scope
SKILL.md and prompts explicitly instruct the agent to run included node scripts, read ~/.openclaw/agents/main/sessions/*.jsonl, produce .lens/TRACE.txt, and update the Trinity Nodes. These actions are within the skill's stated scope, but they mandate reading recent user session transcripts and running scheduled tasks—sensitive operations that the user should be aware of.
Install Mechanism
There is no external install/download step; all code is bundled with the skill (local JS scripts and templates). No network-download or third-party package installation is requested, so install risk is low.
Credentials
Only HOME and OPENCLAW_CRON_LIST are requested (no API keys or unrelated credentials). However, the skill reads agent session files under ~/.openclaw and writes persistent .lens files, which is proportionate to the purpose but sensitive because session contents may contain personal data; the skill includes redaction logic and an opt-in anonymization flag.
Persistence & Privilege
always is false, but the skill writes .lens/* files, SCOPE.json, and registers recurring cron jobs (lens-distillation, lens-interview) via the agent's cron mechanism. Autonomous background processing (cron-driven distillation) is an intended feature; review scheduled job registration before enabling to control persistence.
Assessment
This skill is internally coherent for creating a persistent, personalized 'LENS', but it operates on sensitive local data and schedules recurring jobs. Before installing: (1) Review the bundled scripts (distillation.js, interview.js, bootstrap.js) and templates to confirm you accept local file writes to .lens/ and SCOPE.json. (2) Understand it will read recent agent session logs (~/.openclaw/agents/main/sessions/*.jsonl) and produce .lens/TRACE.txt; the distillation script redacts many sensitive patterns and supports opt-in anonymization, but you should verify the redaction rules meet your privacy needs. (3) Check OPENCLAW_CRON_LIST and confirm whether you want the skill to register cron jobs; you can delete the lens-distillation cron job later to stop automated processing. (4) If you need stronger guarantees, run the scripts manually in a sandbox to inspect their outputs before enabling automatic cron registration. If the skill ever attempts to send data to external endpoints or asks for unrelated credentials, treat that as a red flag.Like a lobster shell, security has layers — review code before you run it.
latestvk97c42fk18nd4hfw01jznm5c8184x9ge
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧐 Clawdis
Binsnode
EnvHOME, OPENCLAW_CRON_LIST