ClawHub

n8n Automation

Manage n8n workflows from OpenClaw via the n8n REST API. Use when the user asks about n8n workflows, automations, executions, or wants to trigger, list, create, activate, or debug n8n workflows. Supports both self-hosted n8n and n8n Cloud instances.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
9 · 4.2k · 26 current installs · 28 all-time installs
by@DILOmcfly
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (manage n8n via REST API) aligns with the runtime instructions which use the n8n REST endpoints for listing, triggering, creating, activating, and debugging workflows. However, the skill expects an N8N_API_URL and N8N_API_KEY in SKILL.md while the registry metadata declares no required environment variables or primary credential — this metadata omission is inconsistent with the skill's needs.
!
Instruction Scope
SKILL.md's instructions stay within n8n API operations (curl calls, webhook triggers, execution inspection). BUT the instructions require environment variables (N8N_API_URL, N8N_API_KEY) and suggest storing them in a local file (.n8n-api-config) even though the registry metadata does not advertise these requirements. That mismatch means an agent or user may not be warned that sensitive credentials are needed, and the guidance to persist the API key in a file increases the risk of accidental exposure.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write to disk. That minimizes installation risk (no downloads or extracted archives).
!
Credentials
The skill requires an n8n API key (per SKILL.md) which the docs note 'has full access on non-enterprise plans.' Requesting a single API key for the service is proportionate to the functionality, but the metadata failing to declare it and the suggestion to persist the key in plaintext are problematic. There is no explicit support for least-privilege credentials or scoped tokens; users are not warned about the key's broad privileges.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable only. It does recommend storing credentials locally, but it does not ask for platform-level persistence or elevated agent privileges.
What to consider before installing
This skill appears to do what it says (manage n8n via its API) but the package metadata omits the fact that it needs an N8N_API_URL and N8N_API_KEY. Before installing or using it: (1) only provide an API key to a skill you trust — n8n API keys can have full access; prefer a scoped or service account if possible, and rotate keys afterward; (2) avoid storing the API key in plaintext on shared systems; use a secrets manager or per-session env vars; (3) confirm the skill's source/owner (no homepage/source provided) and ask the publisher to update metadata to declare required env vars; (4) review any workflow JSON you upload/create to ensure it does not include sensitive credentials; and (5) treat webhook triggers as unauthenticated endpoints and ensure triggering them is safe. Because of the metadata mismatch and credential-handling guidance, proceed only after you verify the skill's provenance and consider limiting the key's scope.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk975h06bng2f8jq2z15encfr4x809ara

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

n8n Automation

Control n8n workflow automation platform via REST API.

Setup

Set these environment variables (or store in .n8n-api-config):

export N8N_API_URL="https://your-instance.app.n8n.cloud/api/v1"  # or http://localhost:5678/api/v1
export N8N_API_KEY="your-api-key-here"

Generate API key: n8n Settings → n8n API → Create an API key.

Quick Reference

All calls use header X-N8N-API-KEY for auth.

List Workflows

curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/workflows" | jq '.data[] | {id, name, active}'

Get Workflow Details

curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/workflows/{id}"

Activate/Deactivate Workflow

# Activate
curl -s -X PATCH -H "X-N8N-API-KEY: $N8N_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"active": true}' "$N8N_API_URL/workflows/{id}"

# Deactivate
curl -s -X PATCH -H "X-N8N-API-KEY: $N8N_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"active": false}' "$N8N_API_URL/workflows/{id}"

Trigger Workflow (via webhook)

# Production webhook
curl -s -X POST "$N8N_API_URL/../webhook/{webhook-path}" \
  -H "Content-Type: application/json" \
  -d '{"key": "value"}'

# Test webhook
curl -s -X POST "$N8N_API_URL/../webhook-test/{webhook-path}" \
  -H "Content-Type: application/json" \
  -d '{"key": "value"}'

List Executions

# All recent executions
curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/executions?limit=10" | jq '.data[] | {id, workflowId, status, startedAt}'

# Failed executions only
curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/executions?status=error&limit=5"

# Executions for specific workflow
curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/executions?workflowId={id}&limit=10"

Get Execution Details

curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/executions/{id}"

Create Workflow (from JSON)

curl -s -X POST -H "X-N8N-API-KEY: $N8N_API_KEY" \
  -H "Content-Type: application/json" \
  -d @workflow.json "$N8N_API_URL/workflows"

Delete Workflow

curl -s -X DELETE -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/workflows/{id}"

Common Patterns

Health Check (run periodically)

List active workflows, check recent executions for errors, report status:

# Count active workflows
ACTIVE=$(curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/workflows?active=true" | jq '.data | length')

# Count failed executions (last 24h)
FAILED=$(curl -s -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/executions?status=error&limit=100" | jq '[.data[] | select(.startedAt > (now - 86400 | todate))] | length')

echo "Active workflows: $ACTIVE | Failed (24h): $FAILED"

Debug Failed Execution

  1. List failed executions → get execution ID
  2. Fetch execution details → find the failing node
  3. Check node parameters and input data
  4. Suggest fix based on error message

Workflow Summary

Parse workflow JSON to summarize: trigger type, node count, apps connected, schedule.

API Endpoints Reference

See references/api-endpoints.md for complete endpoint documentation.

Tips

  • API key has full access on non-enterprise plans
  • Rate limits vary by plan (cloud) or are unlimited (self-hosted)
  • Webhook URLs are separate from API URLs (no auth header needed)
  • Use ?active=true or ?active=false to filter workflow listings
  • Execution data may be pruned based on n8n retention settings

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…