AutomateLab n8n
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Enabling the skill runs code from the referenced npm package in the user's environment.
The skill depends on an external npm package run through npx as its MCP server. This is expected for the stated MCP integration, but users should recognize that package code is outside the provided artifact review and the setup example is not version-pinned.
"command": "npx", "args": ["-y", "@automatelab/n8n-mcp"]
Verify the npm package and repository before enabling it, and pin or otherwise control the package version if your environment requires stronger supply-chain guarantees.
A generated workflow could perform external API calls, run code, or invoke sub-workflows if the user imports and runs it.
The skill can generate n8n workflow artifacts that include action-capable nodes. This matches the workflow-building purpose, but those artifacts may contact services or run code once the user imports and executes them in n8n.
Tool nodes can wrap arbitrary HTTP requests, sub-workflows, or Code.
Review generated workflow JSON and custom TypeScript nodes before importing or executing them, especially any HTTP Request, Code, credentialed, or AI-agent tool nodes.