N8n Dispatch

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward n8n bridge that sends user-provided request text to a configured n8n service, with some input-handling and privacy caveats.

Install only if you control or trust the n8n_dispatch service you register. Do not send secrets or sensitive personal data unless that workflow is intended to receive it, prefer a protected HTTPS or local endpoint, and add n8n-side validation and confirmation gates for workflows that perform real actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly states that it forwards the raw user prompt to an external MCP service backed by n8n, but it does not warn users about that data flow or its privacy/security implications. This can lead users to unknowingly send sensitive information, secrets, or personal data to a remote service outside the local agent boundary, increasing the risk of disclosure, retention, logging, or downstream misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal