n8n Workflow Automation
Security checks across malware telemetry and agentic risk
Overview
This n8n integration is mostly transparent, but its status and validation checks can POST to live workflow webhooks and may accidentally run automations.
Review the included scripts and your n8n workflows before installing. Do not run the status or validator commands against production workflows until they use a safe health/dry-run path or every workflow explicitly ignores ping/test payloads. Keep confirmations enabled for emails, social posts, CRM changes, invoice reminders, and other account-mutating actions.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running “n8n status” could trigger real or malformed workflow executions, such as CRM writes, reports, email attempts, or social posting attempts, depending on how the user's n8n workflows handle the ping payload.
The status checker sends POST requests with a ping payload to live workflow webhook paths, including workflows that post publicly, update CRM data, or send invoice reminders. In n8n, webhook POSTs are triggers, so a harmless-looking status check can execute automations rather than only inspect health.
payload = json.dumps({"ping": True}).encode("utf-8") ... Request(url, data=payload, headers=headers, method="POST") ... ("social-post", "Social Media Auto-Post"), ... ("crm-update", "CRM Contact Update"), ... ("invoice-reminder", "Invoice Reminder")
Change status checks to use only a dedicated side-effect-free health endpoint, or require every n8n workflow to explicitly stop when it receives a ping/dry-run payload.
A user trying to validate setup may unintentionally start workflows or create test records, consume API calls, send malformed messages, or run connected automations.
The setup validator actively POSTs test payloads to each workflow webhook. Because those webhook paths are the automation triggers, validation can cause workflow runs unless the user's n8n workflows are specifically written to treat test payloads as no-ops.
test_payload = json.dumps({"test": True, "triggered_by": "openclaw-validator"}).encode("utf-8") ... Request(url, data=test_payload, headers=headers, method="POST")
Use a separate validation endpoint, add explicit dry-run handling to every template, and warn users before any validation command touches live workflow webhooks.
Anyone or any agent process with access to those environment variables may be able to trigger configured workflows connected to the user's business accounts.
The skill requires an n8n API key and webhook base URL. This is expected for the stated integration, but it gives the agent delegated ability to trigger n8n workflows.
requires:
  env:
    - N8N_WEBHOOK_BASE_URL
    - N8N_API_KEY
Use a dedicated, least-privilege n8n key where possible, protect the environment variables, use HTTPS webhooks, and monitor n8n execution logs.
Workflow payloads and outputs may include customer emails, CRM notes, invoice details, social content, and business summaries handled by third-party services configured in n8n.
The documented n8n workflows may connect to email, spreadsheets/CRM, social platforms, and AI providers. This is purpose-aligned and disclosed, but it means sensitive business and customer data can flow through n8n and those providers.
Required n8n Credentials ... Gmail OAuth2 ... Google Sheets ... LinkedIn ... Twitter/X ... OpenAI or Anthropic
Review each n8n workflow before use, minimize data sent to AI providers, configure provider credentials carefully, and avoid sending sensitive customer data unless necessary.
If the user asks to repeat or modify a workflow, prior contact, invoice, post, or CRM details might be reused incorrectly if not reviewed.
The skill advertises reuse of previous trigger details. The provided scripts do not show a local persistence store, so this appears limited to agent/session context, but previous payload details could still be reused.
remembers what was last triggered so you can easily repeat or modify runs
Require the agent to restate and confirm the full payload before repeating or modifying any prior workflow run.
