Langfuse Backup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local backup-and-restore skill for self-hosted Langfuse, but restore operations can overwrite active data and should be used carefully.

Before installing, confirm the Docker container names and backup directory, protect or encrypt the backup folder, and treat restore as data-replacing. Only restore after verifying the backup date and taking a fresh snapshot of the current Langfuse data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The restore workflow instructs users to stop services and run the restore script, but it does not explicitly warn that restoration is destructive and may overwrite existing databases and object storage contents. In a backup/restore skill, that omission can reasonably lead to accidental data loss during routine operational use, especially under outage or migration pressure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal