← Back to Skills Marketplace

OpenClaw Logfire

Name: OpenClaw Logfire
Author: namabile

by Nick Amabile · GitHub ↗ · v0.1.2

cross-platform ⚠ suspicious

672

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-logfire

Description

Pydantic Logfire observability — OTEL GenAI traces, tool call spans, token metrics, distributed tracing

Usage Guidance

This package appears to do exactly what it claims: export OpenClaw spans/metrics to Pydantic Logfire. Before installing, consider: 1) Trust the destination — traces (even redacted) leave your host to logfire-api.pydantic.dev/eu. 2) Review or test the redaction logic (src/util.ts) if you have high-sensitivity data; pattern-based redaction can miss custom secrets. If unsure, disable captureToolInput or enable stricter redaction in config. 3) Use the EU region option if you need data residency. 4) Treat LOGFIRE_TOKEN like any write key: create a token with minimum scope, rotate it, and avoid embedding it in repos. 5) Deploy to a staging instance first to confirm no unexpected data is emitted. If you want, I can scan the specific util.ts and otel.ts functions for the exact redaction patterns and any other data-exfil patterns.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-logfire Version: 0.1.2 The skill bundle is an OpenTelemetry (OTEL) plugin for Logfire observability, designed to trace agent lifecycle, tool calls, and metrics. It reads `LOGFIRE_TOKEN` and sends data to legitimate Logfire endpoints (`logfire-us.pydantic.dev`, `logfire-eu.pydantic.dev`). The `src/util.ts` file includes a `redactSecrets` function, which is a positive security feature. However, the `src/context/propagation.ts` file contains `injectTraceContext` which modifies shell commands (e.g., `curl`, `wget`) by appending `traceparent` headers to their arguments. While intended for legitimate distributed tracing, modifying shell command arguments programmatically introduces a vulnerability risk (e.g., shell injection) if the original command or the injected headers are not perfectly sanitized or handled by the shell, even if the headers themselves are structured OTEL data. This capability, despite its benign intent, elevates the classification to 'suspicious' due to the inherent risk of command modification.

Capability Assessment

✓ Purpose & Capability

Name/description, openclaw.plugin.json schema, SKILL.md, and the TypeScript sources (hooks, otel.ts, metrics, propagation, util) all align: the plugin initializes OTEL export to Pydantic Logfire and instruments OpenClaw hooks. Requiring LOGFIRE_TOKEN as the primary credential is appropriate for a write-only tracing/metrics exporter.

ℹ Instruction Scope

Runtime instructions and code indicate the plugin records tool call spans, agent lifecycle spans, and token/latency metrics. By default 'captureToolInput' is true (captures tool arguments) while 'captureToolOutput' and 'captureMessageContent' are false; 'redactSecrets' defaults to true. This is coherent, but capturing tool arguments can inadvertently include sensitive values (file paths, CLI args, inline secrets) — reliance on pattern-based redaction is not a guarantee. Distributed-tracing injection exists but is disabled by default (enabled only if distributedTracing.enabled = true).

✓ Install Mechanism

No arbitrary remote download/install step is embedded in the SKILL.md or plugin manifest; package.json and package-lock are included (npm package), and installation is via OpenClaw plugin mechanism/npm. There are no URLs to strange servers or shorteners for code pulls. The absence of an automated 'install' script in the registry metadata is fine here because the package contains source and an npm package reference.

✓ Credentials

Only LOGFIRE_TOKEN is required as a credential. Optional fallback env vars (LOGFIRE_ENVIRONMENT, LOGFIRE_PROJECT_URL, LOGFIRE_PROVIDER_NAME) are reasonable for configuration. There are no unrelated secrets or numerous credentials requested.

✓ Persistence & Privilege

always:false and no indication the plugin force-enables itself across agents. SKILL.md claims 'no local persistence' (streams traces to OTLP HTTP). The plugin registers OpenClaw hooks (normal for a plugin) and does not appear to modify other plugins' configs or request elevated system privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-logfire
After installation, invoke the skill by name or use /openclaw-logfire
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.2

Fix config passthrough (api.pluginConfig), Ajv draft-07 compat, corrected manifest id

Metadata

Slug openclaw-logfire

Version 0.1.2

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is OpenClaw Logfire?

Pydantic Logfire observability — OTEL GenAI traces, tool call spans, token metrics, distributed tracing. It is an AI Agent Skill for Claude Code / OpenClaw, with 672 downloads so far.

How do I install OpenClaw Logfire?

Run "/install openclaw-logfire" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Logfire free?

Yes, OpenClaw Logfire is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenClaw Logfire support?

OpenClaw Logfire is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Logfire?

It is built and maintained by Nick Amabile (@namabile); the current version is v0.1.2.

More Skills