ClawHub

N8n Automation Secure

v1.0.0

Secure n8n workflow automation integration for coding tasks. This skill implements enterprise-grade security with credential isolation, input validation, aud...

0· 17·0 current·0 all-time
by@nelmaz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description claim secure n8n integration and the SKILL.md, README, and _meta.json consistently require only N8N_URL and N8N_API_KEY and document calling the n8n REST API. Required env vars and referenced tools (curl, jq, openssl in docs) are appropriate for this purpose.
Instruction Scope
Runtime instructions focus on validating configuration, calling n8n API endpoints, and writing audit logs under /data/.openclaw/logs. Documentation also includes optional housekeeping commands (searching for credentials, pushing code to GitHub) which are user-invoked guidance rather than automatic steps; review the included validate-setup.sh before running it to confirm it only performs the described checks.
Install Mechanism
No install spec is present (instruction-only) and no remote downloads are requested. A local validation script (scripts/validate-setup.sh) is provided; this is the only executable artifact. That lowers supply-chain risk, but you should inspect that script before execution.
Credentials
Only two environment variables (N8N_URL and N8N_API_KEY) are required, which directly map to the declared functionality. Optional env vars (permission mode, rate limits) are documented and reasonable. There are no unexplained secret requests.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It documents writing audit logs to /data/.openclaw/logs and suggests runtime validation; these are within its scope and do not modify other skills or global agent configs.
Assessment
This skill appears coherent for integrating with n8n, but take these precautions before installing or running it: 1) Inspect scripts/validate-setup.sh (and any executable in the repo) to confirm it only checks env vars, connectivity, and creates log directories as documented. 2) Run validation in an isolated/test environment first (readonly permission mode recommended). 3) Keep N8N_API_KEY and N8N_URL as environment variables (do not store in skill configs) and rotate keys regularly. 4) Confirm the audit log path (/data/.openclaw/logs/n8n-audit.log) is writable only by intended accounts and does not leak sensitive data. 5) Be cautious before following the repository push instructions — pushing to GitHub will publish code externally. If you want higher assurance, request the full validate-setup.sh contents or a code review from a trusted party; doing that could raise this confidence to high.

Like a lobster shell, security has layers — review code before you run it.

latestvk9775fkp0jxxd6vqt32kx252gd84gk8q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis
EnvN8N_URL, N8N_API_KEY

Comments