OpenClaw n8n Orchestrator
v2.0.0When the user wants to connect an OpenClaw agent to n8n workflows, create n8n webhook skills for OpenClaw, route agent API calls through n8n for credential i...
⭐ 1· 282·0 current·0 all-time
byKristopher Dunham@ktopper
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe routing OpenClaw calls through n8n and generating skill directories; the repository contains templates, trigger scripts, validator, and deployment docs that match that purpose. The orchestrator itself declares no required env vars in registry metadata (reasonable because it generates skill templates that will declare their own env requirements).
Instruction Scope
SKILL.md and templates limit actions to generating SKILL.md, scripts, webhook triggers, and deployment guidance. The instructions explicitly document which endpoints and environment variables are used (n8n webhook URL/secret, Gateway endpoints) and include mandatory transparency sections; they do not instruct reading unrelated host files or exfiltrating secrets beyond the stated webhook/ gateway flows.
Install Mechanism
There is no install spec; this is instruction-plus-template code only. Bundled files are local templates and a validator script—no remote download/install of arbitrary code. Note: documentation references common install commands (e.g., curl | bash for OpenClaw) for external projects; that's a user action outside this skill and should be handled with usual caution.
Credentials
The skill package itself declares no required env vars, but the generated skill templates and provided scripts clearly expect N8N_WEBHOOK_URL, N8N_WEBHOOK_SECRET, and the OpenClaw gateway token when used. This is proportionate to the stated proxy/orchestration purpose, but users should be aware that generated skills will require those credentials and that they must not be included in packaged archives or repository history.
Persistence & Privilege
always:false and default model-invocation settings are used. The skill does not request permanent presence or try to modify other skills or system-wide settings. It does recommend removing generated skill dirs to disable autonomous invocation, which is a reasonable operational note.
Assessment
This skill appears to do what it says: it helps you build OpenClaw skills that call n8n webhooks and configures bidirectional flows. Before installing or using it, consider: 1) Trust: you must trust your n8n instance and any integrations it holds, because the orchestrator routes agent data there. 2) Secrets handling: do not include .env or API keys in published skill archives or Git history; generated skills will require N8N_WEBHOOK_URL, N8N_WEBHOOK_SECRET, and OPENCLAW_GATEWAY_TOKEN — keep those in a secure vault. 3) Gateway exposure: follow the docs to keep the OpenClaw Gateway bound to localhost or tunnel it (SSH/WireGuard/Cloudflared) rather than exposing it publicly. 4) Validate generated skills: run the included validate_integration.py and inspect generated SKILL.md/scripts before publishing to ClawHub. 5) Be cautious with remote install commands referenced in docs (e.g., curl | bash) — verify sources before running. If you want extra assurance, request a brief review of any generated skill directory (SKILL.md + scripts) before publishing or deploying.Like a lobster shell, security has layers — review code before you run it.
automationvk973d5w39ea73rgrw13nm5htt182q7j9credential-isolationvk973d5w39ea73rgrw13nm5htt182q7j9dockervk973d5w39ea73rgrw13nm5htt182q7j9latestvk973d5w39ea73rgrw13nm5htt182q7j9latestn8nvk973d5w39ea73rgrw13nm5htt182q7j9proxy-patternvk973d5w39ea73rgrw13nm5htt182q7j9securityvk973d5w39ea73rgrw13nm5htt182q7j9webhookvk973d5w39ea73rgrw13nm5htt182q7j9workflowvk973d5w39ea73rgrw13nm5htt182q7j9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.