Back to plugin

Security audit

Package

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real n8n operations plugin whose access to n8n workflows, executions, tags, audits, and an n8n API key matches its stated purpose.

If you install this, treat it as giving your agent operational visibility into your n8n instance. Keep enableEdit disabled unless you want the agent to create, modify, retry, cancel, archive, or delete workflows/executions/tags. Use an n8n API key intended for this purpose, point baseUrl only at your real n8n instance, and avoid configuring apiKeyEnv to any unrelated secret. Be aware that execution logs, webhook URLs, and workflow definitions may contain sensitive data.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/mcp-server.js:2295
Evidence
while ((m = re.exec(text)) !== null) {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/tools/scaffold-browser-bridge-node.ts:191
Evidence
`const proc = spawnSync('node', ['bin/browser-bridge.js', PLATFORM, ACTION], {\n` +

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/mcp-server.js:420
Evidence
const fromEnv = (process.env[config.apiKeyEnv] ?? "").trim();