n8n Builder

Security checks across malware telemetry and agentic risk

Overview

This is a transparent n8n workflow-management skill, but it can change live automations and connected services if used with a powerful API key.

Install this only if you want an agent to manage an n8n instance. Use a test instance or least-privileged API key where possible, review generated workflow JSON and workflow IDs before create/update/delete/execute/activate actions, avoid exposing secrets or regulated data in example workflows, and monitor or deactivate workflows that should not keep running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script exposes a `credentials` command that enumerates all stored n8n credentials via `/credentials`, which expands capability beyond workflow creation and management into secret inventory discovery. In an agent skill context, this is dangerous because an LLM or downstream automation could use the same API key to map available integrations and sensitive assets, enabling follow-on abuse even if raw secrets are not directly returned.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs activation, deletion, and execution of live workflows without warning about production impact, irreversible changes, or the possibility of triggering external side effects. In this skill's context, those actions can immediately alter automations, fire webhooks, send messages, or disrupt business processes, making accidental misuse materially dangerous.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill requires an `N8N_API_KEY` but provides no guidance on secure handling, storage, least privilege, or avoiding accidental disclosure in logs and prompts. Because this key can grant administrative access to workflows and credentials metadata, poor handling could lead to unauthorized automation changes or information exposure.

Missing User Warnings

High
Confidence: 88%
Finding
The AI agent example takes user chat input and forwards it to an external OpenAI model without any warning that prompts and possibly embedded sensitive data are transmitted off-platform. In an automation-building skill, this is more dangerous because users may copy patterns directly into production workflows and unintentionally expose confidential user input to an external LLM provider.

Missing User Warnings

High
Confidence: 92%
Finding
The database sync example selects lead records including personal data and propagates them to Google Sheets and Slack without warning about cross-system disclosure. In the context of a workflow-builder skill, this is especially risky because it normalizes copying database-derived PII into external SaaS tools where access controls, retention, and compliance requirements may differ.

Missing User Warnings

Medium
Confidence: 96%
Finding
The credential enumeration functionality is exposed without any user-facing disclosure, confirmation, or friction, making sensitive environment discovery a one-step action. In an agent skill, lack of warning materially increases risk because users may invoke broad inspection capabilities indirectly or unknowingly through natural-language requests.

VirusTotal

64/64 vendors flagged this skill as clean.
