cclens-trace-analyzer
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to perform a global installation of the
claude-code-lenspackage from the NPM registry usingnpm install -g claude-code-lensif the tool is not found. - [COMMAND_EXECUTION]: The skill relies on executing multiple shell commands via the
cclensCLI tool, includingcclens trace list,show, andexport, to interact with system trace data. - [DATA_EXFILTRATION]: The skill accesses sensitive information by reading Claude Code session traces. These files, typically stored in
~/.claude-code-lens/, contain internal model reasoning, tool execution logs, and full conversation histories from previous AI interactions. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The agent reads exported Markdown trace files which contain the complete record of previous Claude Code sessions.
- Boundary markers: The instructions lack explicit boundary markers or directives to ignore instructions that might be embedded within the trace data being analyzed.
- Capability inventory: The skill uses shell command execution (
cclens trace) and file reading tools. - Sanitization: There is no evidence of sanitization or validation of the trace content before it is read by the agent for analysis, creating a surface for instructions from previous sessions to influence current agent behavior.
Audit Metadata