n8n Hub
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is an instruction-only n8n helper that uses an n8n API key in a way consistent with its stated purpose and documents powerful API actions; it does not include hidden code or automatic execution.
Before installing, be aware that this skill can guide your agent through n8n API operations using your API key. Use a restricted key, avoid pasting secrets into chat, confirm the base URL and resource IDs, and require approval before any mutating or admin-level action.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses a highly privileged n8n key, it may be able to view or change workflows, executions, and other n8n resources.
The skill expects an n8n API key for account access. This is appropriate for the stated n8n integration, but the key can authorize sensitive actions depending on its permissions.
export N8N_API_KEY="your-api-key-here" ... All requests must include: X-N8N-API-KEY: $N8N_API_KEY
Use a least-privilege n8n API key, store it in environment variables rather than chat, and verify the target n8n instance before allowing API calls.
Mistaken or overbroad API calls could activate, deactivate, retry, update, transfer, or delete n8n resources.
The endpoint catalog documents state-changing and admin-level n8n API actions. This is presented as reference material for the public API rather than hidden behavior, but the operations can have significant impact if run with the wrong target or ID.
DELETE `/workflows/{id}` ... DELETE `/credentials/{id}` ... PATCH `/users/{id}/role` ... DELETE `/projects/{projectId}`
Require explicit confirmation before any create, update, activate, deactivate, retry, transfer, role-change, or delete operation, and double-check IDs and payloads.
