Skill v1.0.1
ClawScan security
n8n ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 5, 2026, 1:08 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with its stated purpose (managing an n8n instance via the REST API); it asks only for the expected API key, base URL, and common CLI tools and includes reasonable guardrails.
- Guidance: This skill appears coherent with its purpose, but the API key you supply is powerful: it can read and change workflows, executions, and credential metadata. Only install if you trust the skill and the environment. Recommendations: use a least-privilege or staging API key (not a production admin key), ensure N8N_BASE_URL points to the intended instance, review any workflow JSON the skill proposes before deployment, require human confirmation for activate/delete operations, rotate or revoke the key if you stop using the skill, and monitor n8n audit logs for unexpected changes.
Review Dimensions
- Purpose & Capability (ok): Name/description match the declared requirements: it uses n8n's REST API so requiring N8N_API_KEY and N8N_BASE_URL plus curl/jq is expected and proportionate. Binaries and env vars align with the described capabilities (create/read/update/delete workflows, executions, credentials).
- Instruction Scope (note): SKILL.md instructs the agent to call the n8n REST API (curl or web_fetch) and to use browser for UI guidance; it does not ask to read unrelated files or environment variables. Note: the instructions grant the agent authority to read and modify workflows and executions via the provided API key; the doc includes guardrails (confirm before destructive or production actions) but those are operational rules, not enforced technical constraints.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files: lowest install risk. The skill does not download or install packages.
- Credentials (ok): Only two env vars are required (N8N_API_KEY, N8N_BASE_URL) and the primaryEnv is correctly set to N8N_API_KEY. These are necessary and sufficient for the advertised functionality. Reminder: an N8N_API_KEY typically grants read/write control over workflows and executions, so it is high privilege relative to the instance.
- Persistence & Privilege (ok): always:false, no required config paths, and no instructions to modify other skills or system-wide settings. The skill can be invoked autonomously by the agent (platform default) but that is not by itself a red flag.
