Back to skill

Security audit

N8n Openclaw Bridge

Security checks across malware telemetry and agentic risk

Overview

This looks like a real n8n automation helper, but it gives an agent broad workflow-control powers with weak scoping, confirmation, and secret-handling guidance.

Install only if you are comfortable giving your agent control over n8n workflows. Use a dedicated least-privilege API key, avoid prompt-visible secret storage, start in a test n8n workspace, require explicit approval for create/delete/activate/retry/publish actions, and add authentication or shared-secret validation to webhook templates before exposing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes broad creation, triggering, and management of n8n workflows directly from an agent, but provides no guardrails about workflow scope, side effects, approval requirements, or least-privilege use. In this context, an LLM-driven automation bridge can perform impactful external actions across many integrations, so the absence of safety warnings increases the chance of unsafe or unauthorized automation being deployed or triggered.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README tells users to place an n8n API key in TOOLS.md without any credential-handling warning, which can encourage storing sensitive secrets in a file that may be committed, exposed to the agent context, or leaked through logs and prompts. Because this skill is specifically designed to let an agent manage n8n, compromise of that API key could grant broad control over workflows and connected integrations.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes very broad phrases such as 'create a workflow' and 'automate this process', which can cause the skill to activate in situations where the user did not intend to grant workflow-management or webhook-triggering behavior. In this skill, accidental invocation is more dangerous because the documented actions include creating, modifying, activating, retrying, and deleting automations that can affect external systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes webhook triggering and workflow management patterns that transmit data to external endpoints and support destructive operations like delete/deactivate, but it does not consistently require explicit user consent or warn about side effects. In context, this is more dangerous because n8n can fan out into many downstream integrations, turning a single agent action into broad external impact.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The webhook path publish-content is generic and predictable, which increases the chance of unsolicited or accidental invocation if the endpoint is exposed without strong authentication or an unguessable URL. In a publishing workflow, unauthorized triggering could cause spammy notifications, bogus scheduling, or unintended processing of attacker-supplied content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow sends content title, target platform, and schedule to Telegram based directly on webhook-supplied data, with no visible consent, minimization, or access control in the template. This can leak operational metadata to an external messaging service and may expose sensitive campaign details if the webhook is triggered by unauthorized parties or used with confidential content.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.