Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Langfuse Trace Logger
v1.0.0Log subagent task completions as Langfuse traces for replay, evaluation, and cost analysis. Called during session-wrap Phase 4. Supports backfill, tag-based...
⭐ 0· 36·0 current·0 all-time
byNissan Dookeran@nissan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (logging traces to Langfuse) align with the required env vars LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY and the need for python. However, the SKILL.md expects specific scripts (e.g., /Users/loki/.openclaw/workspace/scripts/langfuse-trace-logger.py) and a chatterbox venv to already exist; the skill bundle includes no code or install steps to create those scripts or the venv, which is a coherence gap.
Instruction Scope
Instructions direct the agent to run local scripts and to parse memory/YYYY-MM-DD.md files for backfill. Reading local 'memory' files can expose sensitive user data; the backfill behavior and file paths are outside the skill's code and may access private information. The README also references runtime env vars (e.g., SESSION_ID examples) and absolute home paths (/Users/loki/...) that may not exist for other users — the agent could be instructed to read or transmit data the user wouldn't expect.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not download or write code. That lowers installation risk but also means it assumes preexisting scripts and environments; there's no bundled code to inspect or validate.
Credentials
Requesting the two Langfuse keys is proportional to the described function (sending traces). Still: LANGFUSE_SECRET_KEY is sensitive and would allow writing traces to a Langfuse account; ensure the keys are scoped to the intended account/project. The SKILL.md references other local state (memory files, SESSION_ID) that are not declared as required envs but are used by the scripts, which broadens the effective access.
Persistence & Privilege
always is false and the skill does not request any persistent platform privileges. It does not modify other skills' configs nor ask to be force-enabled; autonomous invocation is allowed (platform default) but not an added privilege here.
What to consider before installing
This skill appears to be a wrapper around existing local scripts that send traces to Langfuse — the credential requests match that purpose, but the skill bundle contains no code and assumes scripts and a specific Python venv exist. Before installing or enabling it: (1) verify the referenced scripts actually exist at the stated paths and inspect their contents to see exactly what files they read and where they send data; (2) prefer using a self-hosted Langfuse endpoint (localhost:3100) for sensitive logs or supply keys scoped with minimal write permissions; (3) confirm the chatterbox venv Python (3.11) is used — the SKILL.md warns about silent failure on other Python versions; (4) be aware the backfill feature parses memory/YYYY-MM-DD.md files (potentially sensitive) — if you don't want that data exported, do not run backfill or audit the parser first; (5) if you cannot inspect the scripts or do not trust the source (homepage unknown, source unknown), do not provide LANGFUSE_SECRET_KEY; consider creating a dedicated, limited-permission key or testing in an isolated environment. Additional info (script contents, where traces are posted) would raise confidence and could change this assessment.Like a lobster shell, security has layers — review code before you run it.
latestvk972vjj3m6mtsf5s69ctwybccx83s7ps
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📈 Clawdis
Binspython3
EnvLANGFUSE_PUBLIC_KEY, LANGFUSE_SECRET_KEY
Primary envLANGFUSE_PUBLIC_KEY