ClawHub

Reef n8n Automation

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only n8n workflow-building skill whose local n8n, template, API-key, and credential references are disclosed and mostly aligned with its stated purpose.

Before installing, treat this as a workflow-authoring helper rather than a fully isolated automation sandbox. Inspect any template workflow before importing it, keep API keys in n8n credentials or environment variables, use separate client-owned credentials, and manually approve activation of scheduled or webhook workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The skill states that all outputs should go to workspace/artifacts, yet later instructs starting n8n with logs redirected to /tmp and using an unconstrained local file path for workflow import. This inconsistency weakens output containment and auditability, making it easier for artifacts or sensitive logs to be written outside the expected workspace boundary.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API import example uses an authentication header with $N8N_API_KEY but does not warn that the key is sensitive, should not be hardcoded, logged, or reused across clients. In a skill intended to build client workflows, omission of safe secret-handling guidance increases the chance of credential leakage or misuse.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document advertises preconfigured credentials, including a specific Twilio credential ID, without warning against reuse or clarifying tenant separation. In a multi-client automation context, this encourages cross-client credential reuse and could expose one client's messaging account, data, or billing to another workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal