Community code plugin. Review compatibility and verification before install.
Latest release: v0.1.5Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The purpose and capability fit together: the plugin exports agent execution traces, including LLM and tool activity, to Langfuse/OpenTelemetry. That is expected for observability, but the exported data can be highly sensitive.
Instruction Scope
The manifest grants broad conversation access and hooks default to all enabled. This is disclosed and purpose-aligned, with an enabledHooks option, but the artifact does not provide built-in redaction or minimization controls.
Install Mechanism
The package uses a normal plugin entrypoint and no postinstall or setup auto-execution was found. The package bin references an onboard CLI file that is not present, which looks like a packaging issue rather than a security behavior.
Credentials
The plugin reads OS username, hostname, process ID, and optionally OpenClaw skill-root configuration for tagging. These are observability-related, but the OS username default is more identifying than necessary and should be overridden.
Persistence & Privilege
No durable persistence, privilege escalation, shell execution, file mutation, destructive behavior, or hidden endpoint was found. It uses in-memory trace state, a cleanup timer, and outbound telemetry to the configured endpoint.
Scan Findings in Context
[SDI-2] unexpected: The OS username fallback is real and exported as user identity metadata; it is documented, but users should prefer an explicit pseudonymous userId.
[SDI-2] expected: Full prompt, response, tool input/output, and trace export is the core advertised functionality and is disclosed in the README.
[SQP-2] expected: The README states that full execution traces and prompt/response content are sent to Langfuse; the scanner's privacy concern is valid user guidance, not evidence of hidden behavior.
[SQP-2] unexpected: The documented default userId behavior can expose local account naming, so users should override it even though it is not hidden.
[SQP-2] expected: The implementation exports conversation and tool content to Langfuse after endpoint and authorization are configured, matching the stated exporter purpose.
[SQP-2] unexpected: Using os.userInfo().username as a default identifier is unnecessary for basic transport and should be treated as a privacy-sensitive default.
[SQP-1] expected: allowConversationAccess is broad but necessary for a full trace exporter and is declared in the manifest; users can narrow hooks through configuration.
[SQP-3] unexpected: The manifest documents the OS username fallback; it remains a privacy concern but not hidden or malicious behavior.
Assessment
Install only for environments where sending prompts, responses, tool arguments, tool results, token usage, and trace metadata to your Langfuse or OTLP endpoint is acceptable. Use HTTPS, restrict enabledHooks where possible, avoid production secrets in traced content, review Langfuse retention/access controls, and set a pseudonymous userId instead of relying on the OS username default.Verification
Tags
openclaw-exporter-to-langfuse
What This Plugin Does
openclaw-exporter-to-langfuse is an OpenClaw plugin that exports AI agent execution traces to Langfuse via the OpenTelemetry OTLP protocol.
Every time OpenClaw handles an agent request, this plugin captures the full execution chain — including agent invocations, LLM calls, tool executions, token usage, and prompt/response content — and sends them as structured traces to your Langfuse project. This gives you end-to-end visibility into how your agents behave in production.
How It Works
OpenClaw Runtime
│
├─ enter_openclaw_system (ENTRY span)
│ └─ invoke_agent (AGENT span)
│ ├─ chat (LLM span — prompt, response, token usage)
│ └─ execute_tool (TOOL span — tool name, input/output)
│
└─ [hooks: gateway_start / session_start / session_end /
message_received / message_sending / message_sent /
llm_input / llm_output / before_message_write /
before_tool_call / after_tool_call /
before_agent_start / agent_end]
│
▼
LangfuseExporter
(OTLPTraceExporter → BatchSpanProcessor)
│
▼
Langfuse /api/public/otel/v1/traces
Reported Spans
| Span name | gen_ai.span.kind | Description |
|---|---|---|
enter_openclaw_system | ENTRY | Request entry point |
invoke_agent | AGENT | Agent invocation |
chat | LLM | LLM call (prompt, response, tokens) |
execute_tool | TOOL | Tool / function call |
session_start / session_end | — | Session lifecycle |
gateway_start / gateway_stop | — | Gateway lifecycle |
Configuration
Add the following to your openclaw.json to enable the plugin and configure it under plugins.entries.openclaw-exporter-to-langfuse.config:
| Option | Type | Default | Description |
|---|---|---|---|
endpoint | string | "" | Langfuse OTLP endpoint (e.g. https://<LANGFUSE_HOST>/api/public/otel/v1/traces) |
headers.Authorization | string | "" | Langfuse Basic auth header (base64-encoded pk:sk) |
serviceName | string | "openclaw-agent" | Service name shown in Langfuse traces |
tags | string[] | [] | Custom Langfuse tags on the root trace span |
userId | string | "" | User ID for traces. Defaults to OS username; overrides OS default when configured. Priority: config > OS account > "unknown" |
batchSize | number | 10 | Spans to buffer before flushing |
flushIntervalMs | number | 5000 | Max ms to wait before flushing buffered spans |
debug | boolean | false | Enable verbose debug logging |
skillTaggingEnabled | boolean | false | Detect and emit skill:* tags on tool observations |
skillsRoots | string[] | [] | Explicit skill root directories (skips auto-detection) |
enabledHooks | string[] | (all) | Restrict which hooks are active |
Minimal example with Langfuse Cloud:
How to create the
Authorizationheader:
- Go to your Langfuse project → Settings → API Keys
- Copy your Public Key (
pk-lf-xxx) and Secret Key (sk-lf-yyy)- Generate the Base64-encoded value:
echo -n "pk-lf-xxx:sk-lf-yyy" | base64 -w 0 # Example output: cGstbGYteHh4OnNrLWxmLXl5eQ==- Set
Authorizationto"Basic <output>", e.g."Basic cGstbGYteHh4OnNrLWxmLXl5eQ=="
{
"plugins": {
"entries": {
"openclaw-exporter-to-langfuse": {
"enabled": true,
"hooks": {
"allowConversationAccess": true
},
"config": {
"endpoint": "http://<LANGFUSE_HOST>/api/public/otel/v1/traces",
"headers": {
"Authorization": "Basic <base64(pk:sk)>"
},
"serviceName": "my-openclaw-agent"
}
}
}
}
}
Alibaba Cloud Observability Integration
Supports delivering OpenClaw runtime data to Alibaba Cloud ClickHouse Agent-lens and the All-in-one-observe-suite platform, helping you comprehensively monitor and analyze the runtime status of your Agent applications.
| Capability | What You Can See | Tool |
|---|---|---|
| Trace → Agent-lens | Full agent call-chain tree, LLM prompt/response, token usage, per-span latency | Agent-lens |
| Trace / Metric / Log → ClickHouse | Gateway QPS, error rates, system logs, resource metrics — query with AI Notebook | All-in-one-observe-suite |
Installation: https://ck-langfuse-public.oss-cn-beijing.aliyuncs.com/openclaw-exporter-to-langfuse/INSTALLATION.md
Full setup guide: https://help.aliyun.com/clickhouse/user-guide/openclaw-observability
Open Source: https://github.com/aliyun/openclaw-exporter-to-langfuse