ClawHub

skill n8n by Dr. FIRAS

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can create, activate, run, inspect, and delete workflows on a real n8n instance without strong safety gates.

Install only if you intend to let this skill administer your n8n instance. Use a staging instance or least-privileged API key where possible, review generated workflow JSON before pushing it, and require explicit approval before deploy, activate, run, or delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly markets one-step deployment to arbitrary n8n instances and optional automatic activation, but it does not warn that these actions can immediately modify a live automation environment. In a skill intended to generate and deploy workflows from natural-language input, omission of change-management and activation cautions increases the chance of unsafe production changes, credential misuse, or unintended workflow execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quick-start section provides copy-pastable commands that test connectivity, push workflows, and activate them without any caution banner or review step. Because this skill is designed for auto-deployment, users may run the examples verbatim against production n8n servers, causing unintended workflow creation or activation from unreviewed artifacts.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation text is overly broad, causing the skill to trigger on many generic workflow-related requests, including review, debugging, optimization, and redeployment. Over-broad routing increases the chance that powerful deployment functionality is invoked in contexts where the user expected advice only, raising the risk of unintended file or network actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently describes automatic deployment and activation to any n8n instance without a clear warning that this can modify a live automation environment. In context, this is more dangerous because n8n workflows can trigger external systems, send messages, move data, or overwrite production behavior once activated.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The setup guidance instructs users to store an n8n API key locally but does not emphasize that the key is sensitive and grants remote control over workflows. While common in developer tooling, omission of credential-handling guidance can lead to insecure storage, accidental sharing, or reuse in unsafe environments.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The deploy() method transmits the full workflow definition to an external n8n instance via DeployPipeline.push(), which can include URLs, logic, and credential references. In this skill's context, automatic deployment is a core feature, so silent network transmission increases risk of unintended exfiltration or deployment to the wrong endpoint if the environment is misconfigured or the action is invoked without clear user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal