N8n Openclaw Bridge
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate n8n bridge, but it gives the agent broad workflow-control powers using an n8n API key that the registry metadata does not declare.
Install only if you are comfortable letting the agent manage your n8n workflows. Use a dedicated API key, start in a test n8n workspace, require explicit approval for create/delete/activate/retry or publishing actions, and secure any webhook templates before exposing them.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent may be able to control workflows in the user's n8n instance even though the registry metadata does not clearly advertise that credential boundary.
The skill says it needs an n8n API key, while the registry metadata declares no credential or environment-variable requirement. That key can authorize broad control over n8n workflows.
metadata: "Required env vars: none" / "Primary credential: none"; SKILL.md: "n8n API key" and "Agent needs the API URL and key stored in environment or TOOLS.md"
Use a dedicated least-privilege n8n API key if possible, avoid putting secrets in broadly shared files, and require explicit user approval before workflow mutations.
A mistaken agent action could delete or activate workflows, rerun side-effecting jobs, or create automations that affect external services.
These are raw API operations that can delete, create, retry, or otherwise mutate automations. The artifacts do not show clear guardrails such as confirmation requirements, scoping rules, or rollback steps.
"Delete Workflow" uses `curl -s -X DELETE ... /api/v1/workflows/{id}`; "Retry Failed Execution" uses `POST ... /executions/{id}/retry`; "Create a Complete Workflow via API" uses `POST ... /api/v1/workflows`.
Require confirmation for create/update/delete/activate/retry actions, back up workflows before mutation, and limit the agent to specific workflow IDs or a test n8n project.
If exposed publicly, someone who knows or guesses the webhook URL could submit data to the workflow and trigger downstream notifications or actions.
The template exposes a webhook-style entry point with a predictable path and no visible authentication or payload-validation settings in the provided template.
"httpMethod": "POST", "path": "publish-content", "responseMode": "lastNode", "options": {}
Use random webhook paths, add a shared secret or header check, validate payloads, and avoid exposing webhook endpoints publicly unless needed.
Workflows may continue running and making network requests until the user disables or deletes them.
The website-monitor template creates a recurring background workflow. This is purpose-aligned for monitoring, but it persists beyond the initial agent request.
"type": "n8n-nodes-base.scheduleTrigger" with "minutesInterval": 30
Review and activate scheduled workflows intentionally, document their owner and purpose, and disable them when they are no longer needed.
