Langfuse Trace Logger
Security checks across malware telemetry and agentic risk
Overview
This is a real observability skill, but it can persist sensitive prompts, outputs, and memory-derived history to Langfuse without clear redaction or approval controls.
Install only if you intentionally want agent task prompts, outputs, and selected historical memory records stored in Langfuse for replay and evaluation. Prefer a trusted self-hosted endpoint or tightly scoped cloud project, inspect the referenced local scripts before use, and add redaction plus explicit approval before logging sensitive sessions or running backfills.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
