n8n工作流自动化

Security checks across malware telemetry and agentic risk

Overview

This n8n workflow tool is mostly purpose-aligned, but it can make persistent workflow changes with powerful API access and weak safety disclosure.

Review before installing. Use a least-privilege n8n API key, test only on a non-production n8n instance, back up workflows before running schedule or import, and send monitoring alerts only to trusted webhook destinations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Tainted flow: 'content' from requests.get (line 193, network input) → requests.post (network output)

Medium

Category: Data Flow
Content: content = f"⚠️ n8n工作流异常告警\n共发现{len(executions)}个失败任务：\n" for exec in executions: content += f"- 工作流：{exec['workflow']['name']}\n 错误：{exec['error']['message']}\n" requests.post(args.webhook, json={"msgtype": "text", "text": {"content": content}}) print("✅ 告警已推送到企业微信") except: pass
Confidence: 89% confidence
Finding: requests.post(args.webhook, json={"msgtype": "text", "text": {"content": content}})

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documents operations that write files and communicate over the network, including exporting backups to disk and sending monitoring alerts/webhooks, but it does not declare corresponding permissions or safety boundaries. This creates hidden capability risk because users and platforms cannot accurately assess or constrain what the skill may access or transmit.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to supply n8n API keys, backup paths, service URLs, and webhook endpoints for import/export and monitoring, but provides no warning about credential secrecy, backup sensitivity, or data exfiltration risks. In this context, exported workflows may contain connection details or business logic, and alerting/webhook integrations can leak operational data to external services.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The export command saves all workflow data to a local JSON backup file with no warning, filtering, or permission hardening. n8n workflows often contain embedded connection details, tokens, internal URLs, and operational logic, so writing them unprotected to disk can create a local secret exposure risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal