N8n Workflow Automation Litiao
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on designing n8n workflow JSON and includes reasonable safeguards such as read-only defaults, no embedded secrets, and user approval for privileged access.
Before installing or using this skill, understand that it helps create n8n workflow definitions rather than running them directly. Review any generated workflow JSON before importing it, keep workflows inactive until checked, use least-privilege credentials, and avoid logging secrets or unnecessary sensitive data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the generated workflow is imported and activated, it could send emails or write records to connected services according to the design.
The skill may design workflows that write to external systems, which is expected for n8n automation but should be reviewed before import or activation.
Targets: where to write results (email/Drive/Sheet/DB) and required fields.
Review generated workflow nodes, credentials, destination systems, and write actions before importing or enabling the workflow in n8n.
Generated workflows may require service credentials in n8n, so overly broad credentials could grant more access than needed.
The skill anticipates credentials or privileged access for generated workflows, but it instructs the agent to ask the user and avoid embedding secrets.
STOP AND ASK THE USER if: ... credential strategy (env vars) is not specified, - the workflow needs privileged access not yet approved.
Use least-privilege n8n credentials and environment variables, and approve any privileged access explicitly.
Logs and review queues may retain payload details, errors, or status information that could be sensitive depending on the workflow.
The generated workflow design includes persistent audit logging and error details, which is purpose-aligned but may store operational or sensitive data in user-selected locations.
generate `run_id`, log start/end, store status row and error details.
Limit logged fields, avoid storing secrets or unnecessary personal data, and choose secure destinations with appropriate retention rules.