Fastapi Studio Template
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent FastAPI app template, with disclosed Langfuse tracing credentials and outbound tracing as the main things to review.
This skill looks reasonable for bootstrapping a FastAPI studio app. Before installing or using it, make sure you want Langfuse tracing, use scoped Langfuse keys, and review any generated tracing code so sensitive prompts or outputs are not logged unintentionally.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The generated app may use your Langfuse project credentials when tracing is enabled.
The skill requires Langfuse credentials so generated tracing code can authenticate to a Langfuse project.
"env": ["LANGFUSE_PUBLIC_KEY", "LANGFUSE_SECRET_KEY"]
Use dedicated Langfuse project keys with the minimum needed access, and avoid sharing those environment variables beyond the generated app.
If tracing captures sensitive prompts or outputs, that data could be stored in your Langfuse deployment or Langfuse cloud account.
The skill discloses outbound tracing to a Langfuse instance, which may include generation metadata, prompts, outputs, costs, or latency information depending on implementation.
"Sends traces to Langfuse (self-hosted or cloud) for LLM observability."
Confirm what fields are traced, redact sensitive prompt/output data where needed, and verify the Langfuse endpoint before running the generated app.