ClawHub

N8n 1.0.2

v1.0.0

Manage n8n workflows and automations via API. Use when working with n8n workflows, executions, or automation tasks - listing workflows, activating/deactivating, checking execution status, manually triggering workflows, or debugging automation issues.

1· 1.8k·2 current·2 all-time
by@pntrivedy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name, description, and code align with an n8n API client (listing, activating, executing workflows). However the registry metadata claims no required env vars or primary credential while the SKILL.md and n8n_api.py clearly require N8N_API_KEY (and N8N_BASE_URL). The missing declared primaryEnv and absent homepage/source are additional red flags about provenance.
Instruction Scope
SKILL.md instructions are scoped to calling the n8n REST API and match the provided scripts. They do instruct the user to place the API key in shell rc files (~/.zshrc or ~/.bashrc), which persists a secret in plain text environment configuration — a security/privacy consideration but functionally consistent with the skill's purpose.
Install Mechanism
This is an instruction-only skill with no install spec. It includes a requirements.txt (requests) and instructs creating a virtualenv and pip installing dependencies — a low-risk, conventional installation path.
!
Credentials
The skill legitimately needs N8N_API_KEY and N8N_BASE_URL, but the registry metadata does not list any required env vars or primary credential. That mismatch makes it unclear how secrets will be provided to the agent. Storing an API key in shell rc as recommended persists the secret in plaintext environment and may be inappropriate for some users.
Persistence & Privilege
The skill does not request always:true, does not modify system-wide settings, and is user-invocable only. It does not attempt to change other skills' configs or gain permanent elevated presence.
What to consider before installing
This skill's code matches an n8n API client, but the package metadata did not declare that it needs an API key or base URL. Before installing: (1) confirm the skill's source/maintainer (no homepage was provided); (2) supply N8N_API_KEY and N8N_BASE_URL only for a trusted n8n instance and prefer a short-lived or scoped key; (3) avoid adding secrets to shell rc files if you can — use a secure secret manager or the agent's secret storage; (4) inspect the included scripts (n8n_api.py) yourself — they only call the provided base URL with your API key, but the provenance mismatch is the main concern; (5) if you proceed, rotate the API key after use and limit its permissions where possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk97avq1br089wckbb7zm359v3x7zwz16

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments