Back to skill

Security audit

N8n Integration

Security checks across malware telemetry and agentic risk

Overview

This n8n bridge does what it claims, but it gives webhooks broad control over agent actions and callbacks with weak default authentication and under-scoped data handling.

Review carefully before installing. Use only on localhost or a protected network, set a strong unique N8N_AUTH_TOKEN, replace the example workflow token, restrict allowed workflows/actions, disable or sanitize telemetry for sensitive params, and allow callbacks only to trusted n8n URLs. Avoid granting N8N_API_KEY unless you need the broader workflow and credential API methods.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The header comment claims the server verifies request signatures, but the implementation only compares a static token in `_verifyRequest`. This mismatch can lead operators to rely on stronger authenticity guarantees than actually exist, increasing the chance of replayable or spoofed requests if the token is exposed or reused.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The workflow exposes a POST webhook at a fixed path and immediately forwards requester-controlled fields into an internal trigger endpoint, but the webhook itself shows no authentication, signature validation, IP restriction, or activation constraints. This allows unauthorized parties to invoke agent actions or abuse the workflow as a bridge into internal services, especially because user input is passed through with little validation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The integration sends the full workflow, action, and params objects to the observability system, which can expose sensitive user inputs, credentials, tokens, prompts, or business data to logs/tracing backends. In an agent integration layer, these parameters are likely to contain high-sensitivity content, and this file provides no sanitization, minimization, or consent boundary before export.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
`_callbackToN8n` posts workflow/action/result data to a caller-supplied `callbackUrl` with no allowlist or validation, creating an SSRF and data exfiltration primitive. An authenticated requester can force the server to send internal data or requests to arbitrary internal or external endpoints, and the skill context makes this more dangerous because it is explicitly a webhook bridge that handles automation results.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/webhook-server.js:25

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/webhook-server.js:25