Back to skill

Security audit

n8n Workflow Management

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real n8n management skill, but it can trigger and change live automations while presenting some execution as “dry run” testing.

Install only if you are comfortable giving this skill an n8n API key that can manage live workflows. Use a staging n8n instance or least-privilege API key where possible, review workflow JSON before creating or executing it, and treat dry-run/test commands as real executions that may send messages, call APIs, or modify connected systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents commands to activate, deactivate, and execute workflows without clearly warning that these actions can change production behavior, trigger side effects, send outbound requests, or process live data. In the context of an automation platform, even a single manual execution can invoke third-party APIs, send emails, or alter downstream systems.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The CLI exposes state-changing operations like create, activate, deactivate, and execute without any confirmation, dry-run default, or clear warning to the user. In an agentic context, this increases the chance of unintended remote changes to production automations, including triggering workflows with side effects such as outbound emails, data modification, or integrations firing unexpectedly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The dry_run method is not a simulation: it invokes self.client.execute_workflow(workflow_id, data=test_data), which can execute the real n8n workflow and trigger outbound HTTP requests, emails, database writes, or other automations. In a testing utility for an automation platform, this is dangerous because users may reasonably assume a dry-run is side-effect-free, causing accidental data transmission or operational actions against live systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.