v1.0.0

N8n 1.0.2

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

This looks like a legitimate n8n management helper, but it can use your n8n API key to run or change automations, so it deserves careful review before installation.

Guidance: Install this only if you want the agent to manage your n8n instance. Before using it, configure a dedicated least-privilege API key, verify the base URL, and treat activate/deactivate/execute actions as potentially high-impact because workflows may affect external systems.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/n8n_api.py
def activate_workflow(self, workflow_id: str) -> Dict:
    return self._request('PATCH', f'workflows/{workflow_id}', json={'active': True})
...
def execute_workflow(self, workflow_id: str, data: Dict = None) -> Dict:
    return self._request('POST', f'workflows/{workflow_id}/execute', json=payload)

The code directly performs state-changing n8n API actions that can enable automations or manually trigger workflows; the artifacts do not define approval, dry-run, or workflow allow-list boundaries.

User impact: If used incorrectly, the agent could turn automations on or off or trigger workflows that send messages, update records, call other services, or perform other configured side effects.
Recommendation: Use a least-privilege n8n API key if possible, confirm workflow IDs before state-changing actions, and require explicit user approval before activate, deactivate, execute, update, or delete operations.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
requests>=2.28.0

The setup installs an unpinned dependency version. This is common and purpose-aligned, but it gives less reproducibility than a pinned dependency.

User impact: Future installs may receive a different version of the dependency than the one the author tested.
Recommendation: Install in the documented virtual environment and consider pinning dependency versions if you need reproducible or controlled deployments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/n8n_api.py
self.api_key = api_key or os.getenv('N8N_API_KEY')
...
'X-N8N-API-KEY': self.api_key

The skill uses an environment-sourced n8n API key as delegated account authority for all API calls. This is expected for the stated purpose, but it is sensitive access.

User impact: Anyone or any agent process using this configured environment can act through the n8n API key within that key's permissions.
Recommendation: Store the key carefully, avoid exposing it in shared shells or logs, rotate it if compromised, and prefer a scoped key dedicated to this skill.