Security audit

n8n ops

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only n8n automation skill whose broad workflow access is disclosed and aligned with its purpose, but users should use a scoped key and keep approvals for production changes.

Install only if you intend to let an agent operate your n8n instance. Use a dedicated least-privilege n8n API key, prefer staging before production, require explicit approval for updates, runs, activation, deactivation, and deletion, and review any webhook or AI-memory workflow for sensitive data, third-party LLM processing, and retention.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The reference documents destructive endpoints such as workflow and execution deletion without any caution about permanence, backup, or confirmation requirements. In an autonomous automation agent context, this increases the chance that an LLM-driven or inattentive user action could irreversibly remove workflows or forensic execution history.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: Activation and manual run endpoints can trigger real workflow side effects, including sending messages, modifying external systems, or invoking downstream integrations, yet the documentation does not warn about these operational consequences. Because this skill is explicitly designed for autonomous workflow automation, omission of side-effect warnings materially raises the risk of unintended actions in production.

Missing User Warnings

Low

Confidence: 71% confidence
Finding: Execution retrieval responses include run data, workflow data, and error details, which may contain sensitive payloads, user data, prompts, or operational metadata. The examples present this access without any privacy or retention warning, creating a realistic risk of over-collection or exposure when used by an autonomous agent.

Missing User Warnings

High

Confidence: 91% confidence
Finding: The AI agent template accepts arbitrary webhook input, forwards message content to OpenAI, and stores conversation state in memory keyed by a user-controlled session identifier, yet provides no warning about third-party processing, retention, or cross-session privacy risks. In an automation skill centered on creating and deploying workflows, this omission is more dangerous because users may deploy the pattern directly and unintentionally send sensitive inbound data to an LLM provider.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.