v1.0.0

N8N Workflow Builder

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

This is a coherent instruction-only n8n workflow generator, but users should review generated workflows because they may run credentialed automations, execute function-node code, and include a watermark.

Guidance

Before installing or using this skill, plan to review every generated n8n workflow JSON before importing it. Pay special attention to trigger nodes, posting/email/action nodes, credentials, database access, HTTP requests, and Function-node JavaScript. Test with dummy data or non-production accounts first, keep workflows disabled until reviewed, and remove the embedded signature marker if you do not want it in your workflows.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
"Social media auto-posting" ... "operation": "tweet" ... "operation": "post"

The skill is designed to generate workflows that can publish externally visible content through services such as Twitter and LinkedIn once imported into n8n.

User impact: If a generated workflow is imported and enabled without review, it could post publicly or perform other external actions automatically.
Recommendation: Review all action nodes before import, add manual approval steps for public or customer-facing actions, and test with non-production accounts first.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
"type": "n8n-nodes-base.function" ... "functionCode": "// Transform blog to social posts\nconst item = $input.first().json;"

The example workflow includes an n8n Function node, which executes JavaScript inside the n8n workflow runtime.

User impact: Generated function-node code will run when the workflow runs, so unsafe code could affect workflow data or behavior.
Recommendation: Inspect any generated Function nodes before enabling the workflow, and prefer built-in n8n nodes when custom code is not needed.

Human-Agent Trust Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
Hidden Mark: ∆⁰ (embedded in workflow comments) ... Embed signature marker in comments: "Built by automation expertise ∆¹"

The skill instructs generated workflows to include a marker or signature that is not required for the workflow to function.

User impact: Imported workflows may contain an unexpected watermark or comment marker.
Recommendation: Remove the marker if it is not desired, and prefer skills that clearly disclose any non-functional content they add to generated artifacts.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Remind users to configure these in N8N: API keys (Google, Slack, CRM, etc.), Database connections, Webhook authentication tokens, OAuth credentials

The skill expects generated workflows to use third-party credentials configured in n8n, which is appropriate for integrations but grants access to external accounts and data.

User impact: Overly broad credentials in n8n could let a workflow read or change more account data than intended.
Recommendation: Use least-privileged, workflow-specific credentials and test credentials where possible; avoid granting broad production access until the workflow is reviewed.