AI Security Review
scanned 17h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network use is aligned with the package purpose: an n8n node that fetches Langfuse prompts and sends LangChain tracing via user-configured credentials.
Static reason
One or more suspicious static signals were detected.
Trigger
User installs and runs the n8n community node in a workflow or opens its Langfuse prompt selectors.
Impact
Expected workflow-time Langfuse API calls and LLM/tool execution under user configuration; no unconsented persistence, exfiltration, or install-time mutation identified.
Mechanism
n8n AI-agent node with Langfuse prompt retrieval and tracing callbacks
Rationale
Static inspection shows a package-aligned n8n Langfuse integration with workflow-triggered Langfuse API calls and no lifecycle install hooks, hidden execution, credential harvesting beyond configured service auth, filesystem mutation, or remote payload behavior. The scanner's network and secret-pattern hits correspond to declared Langfuse credential fields and expected API usage.
Evidence
package.jsondist/credentials/AgentLangfuseApi.credentials.jsdist/nodes/AgentLangfuse/AgentLangfuse.node.jsdist/nodes/AgentLangfuse/execute.jsdist/nodes/AgentLangfuse/langfuse.jsdist/nodes/AgentLangfuse/geminiSchema.js
Network endpoints4
cloud.langfuse.comlangfuse.com/docs/api/public/v2/prompts/api/public/projects
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly build script; no preinstall/install/postinstall hook.
- package.json n8n entrypoints are dist/credentials/AgentLangfuseApi.credentials.js and dist/nodes/AgentLangfuse/AgentLangfuse.node.js.
- dist/credentials/AgentLangfuseApi.credentials.js defines Langfuse URL/publicKey/secretKey credential fields and n8n auth/test config only.
- dist/nodes/AgentLangfuse/langfuse.js sends user-provided Langfuse credentials only to the configured Langfuse base URL for prompt/project fetches and callback tracing.
- dist/nodes/AgentLangfuse/execute.js runs an n8n AI agent using connected n8n models/tools/memory at workflow execution time; no install/import-time execution found.
- rg found no child_process, fs writes, eval/Function, native/binary loading, or agent control-surface mutation.
Behavioral surface
ChildProcessNetwork
UrlStrings
Source & flagged code
1 flagged · loading sourcedist/credentials/AgentLangfuseApi.credentials.jsView file
39patternName = generic_password
severity = medium
line = 39
matchedText = password...}}',
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/credentials/AgentLangfuseApi.credentials.jsView on unpkg · L39Findings
2 Medium3 Low
MediumSecret Patterndist/credentials/AgentLangfuseApi.credentials.js
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings