Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

N8n Workflow Automation.Local.Backup

Designs and outputs n8n workflow JSON with robust triggers, idempotency, error handling, logging, retries, and human-in-the-loop review queues. Use when you...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
fork of @KOwl64/n8n-workflow-automation (based on 1.0.0)
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, and SKILL.md all consistently describe producing n8n workflow JSON with retries, logging, and review queues; the declared requirements (no env vars, no binaries, instruction-only) are proportionate. However, provenance is weak: no homepage/source is provided and the ownerId in the registry metadata (kn78...) does not match the ownerId in _meta.json (kn7crz...), which may indicate repackaging or metadata errors and reduces trust.
Instruction Scope
SKILL.md stays on scope: it describes inputs, what to ask the user for, safety guidance (do not emit secrets, ask when creds are unknown), and explicitly defaults to read-only output unless JSON is requested. It does not instruct reading system files or accessing unrelated credentials.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be written to disk or downloaded during install. This is the lowest-risk install model.
Credentials
The skill does not require any environment variables or credentials. It sensibly instructs to reference env var names rather than embedding secrets. There is no unjustified request for unrelated credentials.
Persistence & Privilege
always is false (not force-included) and the skill does not request persistent system privileges or modify other skills. Autonomous model invocation is allowed (default) but that is normal; the skill itself does not request elevated persistence.
What to consider before installing
This skill appears to correctly describe and produce n8n workflow JSON and runbooks and asks for no credentials or installs, which is low risk — but its provenance is weak (no homepage/source) and there is an ownerId mismatch in the packaged metadata. Before installing or importing generated workflows:
  1) Do not paste production secrets into prompts; verify the skill references env var names rather than embedding secrets.
  2) Inspect any workflow.json output before importing into n8n to ensure it contains no unexpected external endpoints, hard-coded credentials, or privileged actions.
  3) Test in a staging environment and validate idempotency, retry branches, and review-queue behavior.
  4) Ask the publisher for provenance or a homepage; if you cannot verify the owner, prefer manual use (copy-paste workflow after inspection) or restrict the agent so the skill cannot run autonomously.
  5) If you plan to use credential references, confirm credential naming and least-privilege scopes in your environment first.


Current version: v1.0.0
latest: vk9710f9b5pbpds8prfcpew6t31834v49

SKILL.md

n8n workflow automation with retries, logging, and review queues

PURPOSE

Designs and outputs n8n workflow JSON with robust triggers, idempotency, error handling, logging, retries, and human-in-the-loop review queues.

WHEN TO USE

  • TRIGGERS:
    • Build an n8n workflow that runs every Monday and emails the compliance summary.
    • Add error handling and retries to this workflow, plus a review queue for failures.
    • Create a webhook workflow that logs every run and writes a status row to a tracker.
    • Make this n8n flow idempotent so it does not duplicate records when it reruns.
    • Instrument this workflow with audit logs and a human approval step.
  • DO NOT USE WHEN…
    • You need code-only automation without n8n (use a scripting/CI skill).
    • You need to bypass security controls or hide audit trails.
    • You need to purchase or recommend prohibited items/services.

INPUTS

  • REQUIRED:
    • Workflow intent: trigger type + schedule/timezone + success criteria.
    • Targets: where to write results (email/Drive/Sheet/DB) and required fields.
  • OPTIONAL:
    • Existing n8n workflow JSON to modify.
    • Sample payloads / example records.
    • Definition of dedup keys (what makes a record unique).
  • EXAMPLES:
    • Cron: Monday 08:00 Europe/London; send summary email + Drive upload
    • Webhook: receive JSON; route to folders

OUTPUTS

  • Default (read-only): a workflow design spec (nodes, data contracts, failure modes).
  • If explicitly requested: workflow.json (n8n importable JSON) + runbook.md (from template). Success = workflow is idempotent, logs every run, retries safely, and routes failures to a review queue.

WORKFLOW

  1. Clarify trigger:
    • Cron/webhook/manual; schedule/timezone; concurrency expectations.
  2. Define data contract:
    • input schema, required fields, and validation rules.
  3. Design idempotency:
    • choose dedup key(s) and storage (DB/Sheet) to prevent duplicates on retries.
  4. Add observability:
    • generate run_id, log start/end, store status row and error details.
  5. Implement error handling:
    • per-node error branches, retry with backoff, and final failure notification.
  6. Add human-in-the-loop (HITL) review queue:
    • write failed items to a queue (Sheet/DB) and require approval to reprocess.
  7. “No silent failure” gates:
    • if counts/thresholds fail, stop workflow and alert.
  8. Output:
    • If asked for JSON: produce importable n8n workflow JSON + runbook.
  9. STOP AND ASK THE USER if:
    • destination systems are unknown,
    • no dedup key exists,
    • credential strategy (env vars) is not specified,
    • the workflow needs privileged access not yet approved.

OUTPUT FORMAT

If outputting n8n workflow JSON, conform to:

{
  "name": "<workflow name>",
  "nodes": [ { "name": "Trigger", "type": "n8n-nodes-base.cron", "parameters": {}, "position": [0,0] } ],
  "connections": {},
  "settings": {},
  "active": false
}

Also output runbook.md using assets/runbook-template.md.

SAFETY & EDGE CASES

  • Read-only by default; only emit workflow JSON when explicitly requested.
  • Do not include secrets in JSON; reference env vars/credential names only.
  • Include audit logging + failure notifications; avoid workflows that can silently drop data.
  • Prefer least privilege: call only required APIs and minimize scopes.
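
A pre-import check for generated workflow.json, written for this page as an added example (it is not part of the skill or of n8n). It applies the rules above (inactive on import, no literal secrets) plus the scan's advice to look for unexpected endpoints and privileged actions. The REVIEW_TYPES list, the secret heuristics, the host allow-list and the sample's parameter layout are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Assumptions of this example: node types to approve by hand, secret heuristics.
REVIEW_TYPES = {"n8n-nodes-base.executeCommand", "n8n-nodes-base.ssh"}
SECRET_KEY = re.compile(r"pass(word)?|secret|token|api[_-]?key|authorization", re.I)
AUTH_VALUE = re.compile(r"(bearer|basic)\s+\S+", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _strings(value, path, key=""):
    """Yield (path, nearest key, text) for every string in a parameters tree."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _strings(v, f"{path}.{k}", str(k))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _strings(v, f"{path}[{i}]", key)
    elif isinstance(value, str):
        yield path, key, value

def audit_workflow(wf, allowed_hosts):
    """Return (node, finding) pairs to resolve before importing the workflow."""
    findings = []
    if wf.get("active") is not False:  # the skill's format emits "active": false
        findings.append(("workflow", "active-on-import"))
    for node in wf.get("nodes", []):
        name = node.get("name", "?")
        if node.get("type") in REVIEW_TYPES:
            findings.append((name, "privileged-node-type"))
        for path, key, text in _strings(node.get("parameters", {}), "parameters"):
            looks_secret = SECRET_KEY.search(key) or AUTH_VALUE.match(text)
            if looks_secret and text and "$env." not in text:  # $env.NAME is a reference
                findings.append((name, f"literal-secret:{path}"))
            for url in URL.findall(text):
                host = (urlparse(url).hostname or "").lower()
                if host not in allowed_hosts:
                    findings.append((name, f"unlisted-host:{host}"))
    return findings

# Constructed sample, not output of the skill; parameter layouts are illustrative.
SAMPLE = {"name": "constructed sample", "active": True, "nodes": [
    {"name": "Trigger", "type": "n8n-nodes-base.cron", "parameters": {}},
    {"name": "Fetch", "type": "n8n-nodes-base.httpRequest", "parameters": {
        "url": "https://api.internal.example/report",
        "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED-TOKEN"}]}},
    {"name": "Notify", "type": "n8n-nodes-base.httpRequest", "parameters": {
        "url": "https://collector.example.net/hook", "apiKey": "={{ $env.NOTIFY_API_KEY }}"}},
    {"name": "Cleanup", "type": "n8n-nodes-base.executeCommand", "parameters": {"command": "echo done"}}]}
FINDINGS = audit_workflow(SAMPLE, {"api.internal.example"})
```

An empty result means only that these heuristics found nothing; the workflow still needs a read-through and a staging run before it is activated.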

EXAMPLES

  • Input: “Cron every Monday, email compliance summary, retry failures.”
    Output: Node map + workflow.json with Cron → Fetch → Aggregate → Email, plus error branches to review queue.

  • Input: “Webhook that logs runs and writes status row.”
    Output: Webhook → Validate → Process → Append status row; on error → log + notify + queue.
