ClawHub

N8n Code Automation Nelmaz

Security checks across malware telemetry and agentic risk

Overview

This skill supports legitimate n8n automation, but it bundles conflicting old and new instructions and can guide agents to execute, modify, or delete remote workflows with an API key.

Install only if you control the target n8n instance and understand the connected workflows. Use a dedicated least-privilege API key, keep credentials out of shared config files, verify which SKILL.md will be active, start with read-only behavior where possible, and require manual review before any workflow execution, update, clone, webhook trigger, or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is overly broad and could cause the agent to invoke n8n automation for many routine coding tasks without clear user intent. Because this skill can execute workflows and perform state-changing operations against external systems, ambiguous activation materially increases the chance of unintended automation, data transmission, or destructive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Quick Start section includes a direct workflow execution example without repeating the earlier confirmation and permission requirements. Users or downstream agents often follow quick-start snippets verbatim, so presenting a state-changing action as a simple step can bypass safety expectations and trigger real external effects immediately.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases like "execute workflow" and "automate with n8n," which can match generic user requests outside a clearly scoped n8n context. In an agent environment, over-broad activation can cause this skill to be selected for unrelated tasks and then encourage external API actions or workflow execution with side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill provides direct instructions for executing workflows and invoking webhooks, but it does not clearly warn that doing so may transmit user, repository, CI/CD, or other sensitive data to an external n8n instance and may trigger real-world side effects. In this context, omission of a side-effect warning is risky because the skill is specifically designed to run remote automation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal