Security audit

n8n Automation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage n8n as advertised, but it includes high-impact workflow changes and deletion without clear built-in safety checks.

Install only if you are comfortable giving the agent an n8n API key that can change workflows. Prefer a least-privilege key, test against a non-production n8n instance first, and require explicit confirmation before activate, deactivate, or delete actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill metadata says it is for managing workflows but does not clearly disclose that it supports irreversible deletion. This mismatch can cause an agent or operator to invoke the skill under a less risky mental model, increasing the chance of unintended destructive actions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation text is broad enough that the skill could be selected for general n8n discussion, not only for explicit requests to perform API-backed actions. That increases the chance of over-broad activation and accidental state-changing operations in response to ambiguous user intent.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill documents activation and deactivation operations without any safety warning, approval step, or user-impact notice. Enabling or disabling workflows can interrupt automations, trigger side effects, or change production behavior if the agent executes these examples directly.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The delete workflow example presents an irreversible destructive operation with no warning or confirmation requirement. If invoked accidentally or by a confused agent, it can permanently remove workflow definitions and disrupt business automations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.