registry  /  n8n-nodes-agent-langfuse  /  0.3.3

n8n-nodes-agent-langfuse@0.3.3

n8n AI Agent node with native Langfuse integration: tracing + prompt management

AI Security Review

scanned 35m ago · by lpm-firewall-ai

The package exposes an n8n community node that runs an AI agent and sends prompt/tracing data to a user-configured Langfuse instance. This is package-aligned runtime behavior, not a confirmed attack surface.

Static reason
One or more suspicious static signals were detected.
Trigger
User configures credentials and executes the n8n node or opens prompt selectors.
Impact
Workflow prompts, outputs, selected metadata, and Langfuse credentials are used for intended Langfuse observability; no unauthorized exfiltration found.
Mechanism
Langfuse API fetches and LangChain callback tracing
Rationale
Static inspection found no consumer lifecycle execution, no AI-agent control-surface writes, and no shell/eval/filesystem harvesting. The network and secret patterns are expected for an n8n Langfuse integration using user credentials.
Evidence
package.jsondist/credentials/AgentLangfuseApi.credentials.jsdist/nodes/AgentLangfuse/AgentLangfuse.node.jsdist/nodes/AgentLangfuse/langfuse.jsdist/nodes/AgentLangfuse/execute.js
Network endpoints4
cloud.langfuse.comlangfuse.com/docs/api/public/v2/prompts/api/public/projects

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly; no consumer install hook.
    • n8n manifest points to expected dist credential/node files.
    • Credential file defines user-supplied Langfuse URL and Basic auth fields; no hardcoded secrets.
    • langfuse.js requests only configured Langfuse base URL for prompts/projects/tracing.
    • execute.js runs connected LangChain models/tools only during explicit n8n node execution.
    • No shell, eval, filesystem harvesting, persistence, or agent config mutation found.
    Behavioral surface
    Source
    ChildProcessNetwork
    Supply chain
    UrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 7 file(s), 62.9 KB of source, external domains: cloud.langfuse.com, langfuse.com

    Source & flagged code

    1 flagged · loading source
    dist/credentials/AgentLangfuseApi.credentials.jsView file
    39patternName = generic_password severity = medium line = 39 matchedText = password...}}',
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/credentials/AgentLangfuseApi.credentials.jsView on unpkg · L39

    Findings

    2 Medium3 Low
    MediumSecret Patterndist/credentials/AgentLangfuseApi.credentials.js
    MediumNetwork
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowUrl Strings