registry  /  n8n-nodes-agent-langfuse  /  0.2.2

n8n-nodes-agent-langfuse@0.2.2

n8n AI Agent node with native Langfuse integration: tracing + prompt management

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network activity is expected for an n8n Langfuse integration and requires user-configured credentials and node execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User installs the n8n community node, configures Langfuse credentials, and executes the node in a workflow.
Impact
Expected transmission of prompts, trace metadata, optional images, and Langfuse credentials to the configured Langfuse base URL during use.
Mechanism
Langfuse prompt retrieval, LangChain agent execution, and Langfuse tracing callback.
Rationale
Static inspection shows a normal n8n community node that fetches Langfuse prompts and emits Langfuse traces only when the configured node runs. The scanner secret/network hits are explained by credential definitions and package-aligned API calls, with no install-time mutation, exfiltration, or payload execution.
Evidence
package.jsondist/credentials/LangfuseApi.credentials.jsdist/nodes/AgentLangfuse/AgentLangfuse.node.jsdist/nodes/AgentLangfuse/execute.jsdist/nodes/AgentLangfuse/langfuse.jsREADME.md
Network endpoints4
cloud.langfuse.comlangfuse.com/docs/api/public/v2/prompts/api/public/projects

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/nodes/AgentLangfuse/langfuse.js sends configured Langfuse credentials via Basic auth to resolveBaseUrl(credentials).
  • dist/nodes/AgentLangfuse/execute.js forwards workflow metadata, prompts, optional images, and LLM traces to Langfuse during node execution.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly build script.
  • package.json n8n entrypoints are limited to dist credentials and node implementation.
  • dist/credentials/LangfuseApi.credentials.js defines user-supplied Langfuse URL/publicKey/secretKey credential fields and test request.
  • Network use is package-aligned: Langfuse prompt/project fetches and Langfuse tracing callback.
  • rg found no child_process, fs writes, eval/Function, dynamic import, native binary loading, or persistence code.
  • No AI-agent control-surface mutation or install-time execution found.
Behavioral surface
Source
ChildProcessNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 50.5 KB of source, external domains: cloud.langfuse.com, langfuse.com

Source & flagged code

1 flagged · loading source
dist/credentials/LangfuseApi.credentials.jsView file
39patternName = generic_password severity = medium line = 39 matchedText = password...}}',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/credentials/LangfuseApi.credentials.jsView on unpkg · L39

Findings

2 Medium3 Low
MediumSecret Patterndist/credentials/LangfuseApi.credentials.js
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings