n8n Automation
PassAudited by ClawScan on May 10, 2026.
Overview
This is a transparent n8n API helper, but it can use a full-access n8n API key to change, trigger, or delete automations.
Install this only if you want OpenClaw to help manage your n8n instance. Protect the API key, prefer least privilege, and manually confirm any workflow deletion, activation, credential change, or webhook trigger because n8n workflows may affect other connected business systems.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create, activate, deactivate, trigger, or delete workflows if the user directs it to run these commands, potentially affecting systems connected to n8n.
The skill documents direct mutating and destructive n8n API operations. This is aligned with a workflow-management skill, but the user should notice that a mistaken ID or unreviewed request could remove or change automations.
### Delete Workflow
curl -s -X DELETE -H "X-N8N-API-KEY: $N8N_API_KEY" "$N8N_API_URL/workflows/{id}"Use list/get commands first, back up important workflows, and require explicit confirmation before POST, PATCH, DELETE, activation, transfer, credential, or webhook-trigger actions.
Anyone or any agent action using this key may be able to read workflow and execution details and modify n8n resources according to the key's permissions.
The skill requires an n8n API key and explicitly states that the key can have full account access. This is expected for the integration, but it gives the agent broad delegated authority in n8n.
export N8N_API_KEY="your-api-key-here" ... - API key has full access on non-enterprise plans
Use a dedicated least-privilege key if available, keep .n8n-api-config out of shared repositories, rotate the key if exposed, and avoid using an admin key unless necessary.