registry  /  n8n-nodes-agent-langfuse  /  0.3.1

n8n-nodes-agent-langfuse@0.3.1

n8n AI Agent node with native Langfuse integration: tracing + prompt management

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network use is aligned with the package purpose: an n8n node that fetches Langfuse prompts and sends LangChain tracing via user-configured credentials.

Static reason
One or more suspicious static signals were detected.
Trigger
User installs and runs the n8n community node in a workflow or opens its Langfuse prompt selectors.
Impact
Expected workflow-time Langfuse API calls and LLM/tool execution under user configuration; no unconsented persistence, exfiltration, or install-time mutation identified.
Mechanism
n8n AI-agent node with Langfuse prompt retrieval and tracing callbacks
Rationale
Static inspection shows a package-aligned n8n Langfuse integration with workflow-triggered Langfuse API calls and no lifecycle install hooks, hidden execution, credential harvesting beyond configured service auth, filesystem mutation, or remote payload behavior. The scanner's network and secret-pattern hits correspond to declared Langfuse credential fields and expected API usage.
Evidence
package.jsondist/credentials/AgentLangfuseApi.credentials.jsdist/nodes/AgentLangfuse/AgentLangfuse.node.jsdist/nodes/AgentLangfuse/execute.jsdist/nodes/AgentLangfuse/langfuse.jsdist/nodes/AgentLangfuse/geminiSchema.js
Network endpoints4
cloud.langfuse.comlangfuse.com/docs/api/public/v2/prompts/api/public/projects

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly build script; no preinstall/install/postinstall hook.
    • package.json n8n entrypoints are dist/credentials/AgentLangfuseApi.credentials.js and dist/nodes/AgentLangfuse/AgentLangfuse.node.js.
    • dist/credentials/AgentLangfuseApi.credentials.js defines Langfuse URL/publicKey/secretKey credential fields and n8n auth/test config only.
    • dist/nodes/AgentLangfuse/langfuse.js sends user-provided Langfuse credentials only to the configured Langfuse base URL for prompt/project fetches and callback tracing.
    • dist/nodes/AgentLangfuse/execute.js runs an n8n AI agent using connected n8n models/tools/memory at workflow execution time; no install/import-time execution found.
    • rg found no child_process, fs writes, eval/Function, native/binary loading, or agent control-surface mutation.
    Behavioral surface
    Source
    ChildProcessNetwork
    Supply chain
    UrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 6 file(s), 57.1 KB of source, external domains: cloud.langfuse.com, langfuse.com

    Source & flagged code

    1 flagged · loading source
    dist/credentials/AgentLangfuseApi.credentials.jsView file
    39patternName = generic_password severity = medium line = 39 matchedText = password...}}',
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/credentials/AgentLangfuseApi.credentials.jsView on unpkg · L39

    Findings

    2 Medium3 Low
    MediumSecret Patterndist/credentials/AgentLangfuseApi.credentials.js
    MediumNetwork
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowUrl Strings