n8n
v2.0.0Manage n8n workflows and automations via API. Use when working with n8n workflows, executions, or automation tasks - listing workflows, activating/deactivating, checking execution status, manually triggering workflows, or debugging automation issues.
⭐ 51· 16.1k·173 current·183 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required env vars (N8N_API_KEY, N8N_BASE_URL), SKILL.md guidance, and the Python client scripts (n8n_api.py, n8n_tester.py, n8n_optimizer.py) all align with managing n8n workflows, executions, testing, and optimization. Requested credentials map to the stated purpose.
Instruction Scope
Runtime instructions are focused on using the Python scripts to call the n8n REST API and to create/validate/execute workflows. The SKILL.md also encourages creating workflows that include real HTTP Request nodes which will cause those workflows (when executed) to call third-party services — this is expected for n8n but users should be aware that executing workflows may trigger outbound requests and third-party integrations. The docs instruct storing secrets in OpenClaw settings or ephemeral env vars and warn against shell rc persistence (good practice).
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risk. However, the package contains Python scripts that assume a Python 3 runtime and the 'requests' library yet the skill metadata does not declare required binaries or Python dependencies. This is a minor inconsistency: the user must ensure python3 and any Python dependencies are installed before running the scripts.
Credentials
The only required environment variables are N8N_API_KEY (primary) and N8N_BASE_URL, which are appropriate and proportionate for an n8n API client. The SKILL.md does not request unrelated credentials or other secret environment variables.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other worrying signals.
Assessment
This skill appears to do what it says: control and inspect an n8n instance via its API. Before installing or running it, confirm the following: (1) point N8N_BASE_URL to a trusted n8n instance and use an API key with least privilege (rotate keys if unsure); (2) review the three Python scripts locally — they call only the n8n API endpoints and do not contact other hidden hosts, but you should audit them if you have concerns; (3) ensure you have python3 and the 'requests' package installed (the metadata does not list dependencies); (4) be aware that executing workflows can trigger third-party HTTP requests (the SKILL.md encourages including HTTP Request nodes), so test in an isolated environment or with safe test data first; (5) the README/SKILL mention templates, but templates were not included in the manifest — verify template contents if provided later. If any of these raise concerns, run the scripts in an isolated environment and inspect network traffic before giving this skill access to production credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk976x6tr9vr6mtd9qnv4ec63ps80x11e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚙️ Clawdis
EnvN8N_API_KEY, N8N_BASE_URL
Primary envN8N_API_KEY