n8n Workflow Automation
v1.0.0Trigger n8n workflows using natural language. Automate lead nurturing, email sequences, CRM updates, social media posting, meeting follow-ups, competitor mon...
⭐ 0· 102·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (trigger n8n workflows) matches the files and env vars. Required binaries (python3) and required env vars (N8N_WEBHOOK_BASE_URL, N8N_API_KEY) are what you'd expect for a client that POSTs to n8n webhooks and checks health. The included scripts implement status, trigger, and validator functionality described in the README/SKILL.md.
Instruction Scope
Instructions stay within the stated purpose (set env vars, restart gateway, run status/validator/trigger). Two small inconsistencies: SKILL.md claims the skill “remembers what was last triggered” but the provided scripts do not implement persistent storage or state recovery; and the documentation's suggested health-check method is inconsistent with the scripts — the references file describes /webhook/health as GET, while the validator/status scripts send a POST test payload. These are functional/documentation mismatches rather than indicators of hidden behavior.
Install Mechanism
No install spec that downloads external code; the package is delivered as source files and scripts that run with python3. No remote URL downloads, no extracted archives, and no unusual install locations. Risk from install is low — the agent will execute bundled Python scripts.
Credentials
Only two env vars are required (N8N_WEBHOOK_BASE_URL and N8N_API_KEY), which directly correspond to the skill's needs. This is proportionate. Note: an n8n API key grants the ability to trigger workflows that may send emails, post to social accounts, or update CRMs — so the API key is powerful and should only be provided for a trusted n8n instance.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. The scripts do not persist secrets to disk. Autonomous invocation remains allowed by default (normal for skills) but is not combined with suspicious behavior here.
Assessment
This skill appears to do what it says: it sends payloads to your n8n webhooks and provides status/validation helpers. Before installing, verify the following: 1) Only set N8N_WEBHOOK_BASE_URL and N8N_API_KEY for an n8n instance you control or fully trust — the API key can trigger any webhook/workflow, including sending emails or posting to social accounts. 2) The SKILL.md and references include workflow templates that require additional credentials inside n8n (Gmail, social APIs, LLM APIs) — those are configured inside n8n, not the skill; review those workflow templates so you know what your n8n workflows will do when triggered. 3) There are minor doc/implementation mismatches: the package claims it “remembers what was last triggered” (no persistence in scripts) and the health endpoint is described as GET in the templates but the validator/status scripts POST to /health — you may want to align your workflow’s /health node to accept the test POST or adjust the scripts. 4) Review the bundled scripts locally (they are plain Python) and, if possible, test with a staging n8n instance before providing a production API key.Like a lobster shell, security has layers — review code before you run it.
latestvk974k77n8j7ssfs2t1pv4gybt183cs88
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚡ Clawdis
Binspython3
EnvN8N_WEBHOOK_BASE_URL, N8N_API_KEY