Security audit

n8n

Security checks across malware telemetry and agentic risk

Overview

This n8n skill is purpose-aligned overall, but its “dry-run” testing actually triggers live workflow execution and the docs understate the risk of real production side effects.

Install only if you are comfortable giving the skill API-level control over your n8n instance. Use a staging n8n instance or least-privileged API key where possible, avoid sensitive test data, and treat dry-run, execute, activate, deactivate, and create commands as live operations that may send emails, call third-party APIs, alter databases, or interrupt business workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The file-level description promises workflow testing and 'dry-runs', but the implementation calls execute_workflow against the n8n API and polls the resulting execution. This mismatch can mislead users into believing the operation is non-invasive, when it may trigger real external actions such as emails, database writes, webhooks, or other automations.

Intent-Code Divergence

Low
Confidence: 92%
Finding
The method is exposed as 'dry_run' in the interface, but its own docstring states 'Execute workflow with test data', confirming the code performs a real run rather than a safe simulation. This contradictory naming increases the chance that operators invoke production workflows under a false assumption of harmlessness.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs users to activate workflows and manually execute them without warning that these actions can trigger real side effects such as sending emails, posting messages, modifying records, or calling third-party APIs. In an automation context like n8n, that omission increases the chance of unintended production actions during testing or debugging.

Missing User Warnings

Low
Confidence: 83%
Finding
The README tells users to export an API key in an environment variable but provides no guidance on secure handling, least privilege, or avoiding accidental disclosure through shell history, logs, screenshots, or shared environments. While this is common setup documentation, the lack of basic credential-safety guidance can contribute to secret exposure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation encourages activating and deactivating workflows without a clear warning that these actions affect live production automations and may interrupt business processes or trigger unintended downstream behavior. In an agent setting, missing confirmation guidance materially raises the risk of accidental operational changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
Manual execution is documented as a routine action, but there is no warning that executing a workflow can send real emails, call third-party APIs, modify databases, or otherwise cause irreversible side effects. Because n8n workflows often bridge many external systems, omitting that warning makes accidental harmful execution significantly more likely.

Missing User Warnings

Medium
Confidence: 78%
Finding
The client exposes destructive and state-changing operations such as create, update, delete, activate, deactivate, and execute without any built-in confirmation, dry-run safeguard, or explicit warning at the CLI boundary. In an agent skill context, this increases the chance of accidental or prompt-induced workflow changes or executions against a live n8n instance, potentially disrupting automations or triggering downstream side effects.

Missing User Warnings

Medium
Confidence: 89%
Finding
User-provided test data is forwarded directly to the n8n API for workflow execution without an explicit warning that the data leaves the local environment and may be processed by remote systems. In this skill context, workflows commonly interact with third-party services, so sending test payloads can expose sensitive data and trigger unintended real-world actions.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.