AutomateLab n8n
PassAudited by ClawScan on May 10, 2026.
Overview
This n8n helper is coherent and purpose-aligned, but it relies on an external npm MCP server and may generate workflows containing HTTP or code nodes that should be reviewed before running.
Before installing, confirm you trust the @automatelab/n8n-mcp npm package and review generated workflows before running them in n8n, particularly any nodes that call external services, use credentials, execute Code, or add AI-agent tools or memory.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Enabling the skill runs code from the referenced npm package in the user's environment.
The skill depends on an external npm package run through npx as its MCP server. This is expected for the stated MCP integration, but users should recognize that package code is outside the provided artifact review and the setup example is not version-pinned.
"command": "npx", "args": ["-y", "@automatelab/n8n-mcp"]
Verify the npm package and repository before enabling it, and pin or otherwise control the package version if your environment requires stronger supply-chain guarantees.
A generated workflow could perform external API calls, run code, or invoke sub-workflows if the user imports and runs it.
The skill can generate n8n workflow artifacts that include action-capable nodes. This matches the workflow-building purpose, but those artifacts may contact services or run code once the user imports and executes them in n8n.
Tool nodes can wrap arbitrary HTTP requests, sub-workflows, or Code.
Review generated workflow JSON and custom TypeScript nodes before importing or executing them, especially any HTTP Request, Code, credentialed, or AI-agent tool nodes.