N8n 1.0.2
ReviewAudited by ClawScan on May 10, 2026.
Overview
This n8n skill appears purpose-aligned, but it uses an n8n API key and can trigger or change workflows, so it should be used with care.
Install only if you intend to let the agent interact with your n8n instance. Use a limited-scope API key if available, keep the key secure, and manually review requests that activate, deactivate, or execute workflows.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill can start or change automations that may affect other services connected to n8n.
The skill can change workflow state and manually trigger workflows through the n8n API. This is aligned with its stated purpose, but these actions can affect connected automations.
def activate_workflow(self, workflow_id: str) -> Dict: ... PATCH ... {'active': True}; ... def execute_workflow(self, workflow_id: str, data: Dict = None) -> Dict: ... POST ... f'workflows/{workflow_id}/execute'Use a least-privilege n8n API key where possible and review workflow IDs and payloads before activating, deactivating, or executing workflows.
Anyone or any agent process with access to this environment variable may be able to use the configured n8n API permissions.
The skill requires an n8n API key and base URL to access the user’s n8n instance. This is expected for the integration, though the registry metadata lists no required env vars or primary credential.
export N8N_API_KEY="your-api-key-here" export N8N_BASE_URL="https://your-n8n-instance.com"
Store the API key securely, avoid sharing shell environments unnecessarily, and prefer an API key with only the permissions needed for the intended tasks.
A future dependency version could behave differently from the version the author tested.
The setup installs an unpinned Python dependency. The dependency is common and purpose-aligned, but the exact version is not locked.
requests>=2.28.0
Install in the documented virtual environment and consider pinning or reviewing dependency versions in higher-security environments.