v0.1.0

n8n Automation

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

This instruction-only n8n skill is coherent, but deserves review because it uses a potentially full-access n8n API key and documents commands that can create, trigger, activate, or delete automations.

Guidance: Install only if you are comfortable giving the agent access to your n8n instance. Use a least-privileged or dedicated API key if possible, start with a test instance, and require explicit confirmation before any action that creates, deletes, activates, deactivates, transfers, edits credentials, or triggers workflows.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
### Create Workflow (from JSON) ... -d @workflow.json "$N8N_API_URL/workflows" ... ### Delete Workflow ... curl -s -X DELETE ... "$N8N_API_URL/workflows/{id}"

The runtime instructions document direct raw REST calls for creating and deleting workflows. These are purpose-aligned but high-impact, and the artifact does not include explicit safeguards such as confirmation, ID verification, dry-run guidance, or rollback instructions.

User impact: A mistaken workflow ID, payload, or instruction could change or remove automations that may affect business processes or connected services.
Recommendation: Before using mutation commands, verify the instance URL, workflow ID, and JSON payload; require explicit confirmation for activation, triggering, creation, deletion, ownership transfer, credential changes, and other irreversible actions.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The artifact has limited provenance information, but it also contains no executable code or install step, so the provenance issue is a notice rather than a standalone security concern.

User impact: Users have less external context for who maintains the skill or where to inspect its upstream history.
Recommendation: Review the included instructions directly before use and prefer trusted, documented skill sources for production automation administration.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
SKILL.md
export N8N_API_KEY="your-api-key-here" ... Tips: API key has full access on non-enterprise plans

The skill asks for an n8n API key and explicitly warns that the key can be full-access. That is high-impact delegated account authority for workflows and connected automations.

User impact: If installed and used with a broad n8n API key, the agent may have enough authority to view, create, change, activate, trigger, or delete automations in the user's n8n instance.
Recommendation: Use the least-privileged n8n API key available, prefer a dedicated test instance first, and require explicit user approval before any create, activate, trigger, credential, ownership, or delete operation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Debug Failed Execution: Fetch execution details → find the failing node; Check node parameters and input data

Execution details, node parameters, and input data can contain private operational payloads. Reading them is relevant to debugging n8n workflows, but users should recognize that sensitive workflow data may enter the agent context.

User impact: Debugging may expose request bodies, customer data, internal errors, or other workflow payloads to the agent session.
Recommendation: Redact secrets and sensitive payloads where possible, limit debugging to the specific execution needed, and avoid sharing unnecessary execution details.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Trigger Workflow (via webhook) ... curl -s -X POST "$N8N_API_URL/../webhook/{webhook-path}" ... Tips: Webhook URLs are separate from API URLs (no auth header needed)

The skill documents unauthenticated webhook triggering, which is normal for many n8n workflows but means the webhook path and payload are the effective control boundary.

User impact: Calling the wrong webhook path or sending the wrong payload could trigger an automation without the n8n API key being used for that request.
Recommendation: Treat webhook URLs as sensitive, confirm the target webhook path and environment, and avoid sending sensitive payloads unless the workflow is designed to handle them safely.