claude-langfuse

SUSPICIOUS: the skill is largely coherent with its stated Langfuse observability purpose and uses official Langfuse credential patterns, but it reads credentials from `~/.secrets` and forwards them to unseen local scripts while analyzing potentially sensitive historical prompts/tool outputs. No clear malware or deceptive exfiltration path is shown, yet the credential-loading pattern and unverified script behavior make this a moderate-risk skill rather than benign.