Skill v1.0.0

ClawScan security

n8n Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 12:19 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's functionality (deploying n8n workflows via the n8n API) is coherent, but there are mismatches between the declared metadata and the runtime requirements (missing env var declarations and undeclared binary dependencies), which deserves caution before installation.
Guidance
This skill appears to do what it claims (create/activate/manage n8n workflows via the n8n API), but the package metadata is incomplete. Before installing or running it:

(1) do not provide your N8N_API_KEY to an untrusted skill — verify the skill's source and review scripts;
(2) confirm N8N_URL and N8N_API_KEY are required (SKILL.md and scripts/n8n-api.sh require them) even though the registry metadata omitted them;
(3) ensure curl and jq are available in the runtime environment (the script uses both);
(4) review any workflow JSON the skill would send to your n8n instance before deployment to avoid injecting unwanted credentials/actions; and
(5) consider running the script in an isolated environment or with a limited-permission API key for testing.

These metadata mismatches are the main red flags — they may be benign oversights, but proceed cautiously.

Review Dimensions

Purpose & Capability
note: The skill's code and SKILL.md align with the described purpose: it builds and deploys n8n workflows via the n8n REST API and includes workflow patterns and schema references. Requesting an n8n API key and URL is appropriate for this functionality.
Instruction Scope
concern: SKILL.md explicitly requires N8N_URL and N8N_API_KEY and instructs the agent to POST workflow JSON to the target n8n instance via scripts/n8n-api.sh; these runtime instructions access network endpoints and expect you to supply secrets, but the skill registry metadata did not declare these environment variables. The instructions otherwise stay within the declared purpose and do not request unrelated system files.
Install Mechanism
ok: There is no install spec (instruction-only with a helper script). Nothing is downloaded or written by an installer; risk is limited to the provided script and its runtime network calls.
Credentials
concern: The helper script requires N8N_API_KEY (and optionally N8N_URL) to operate, which is proportional to the skill's purpose. However, the skill metadata incorrectly lists no required env vars. Additionally, the script invokes curl and jq but the registry's required-binaries list is empty — a mismatch that can cause runtime failures or hidden assumptions about available tools.
Persistence & Privilege
ok: The skill does not request persistent installation, 'always' is false, and it does not modify other skills or system-wide configurations. It performs network calls to the provided n8n instance only when invoked.