N8n Integration

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill does what its description says, an n8n webhook integration, but it also exposes broad agent/API actions with weak default token handling and unbounded callback destinations, so users should review it carefully before installing.

Before installing, set a strong N8N_AUTH_TOKEN, keep the webhook server private, restrict which n8n workflows/actions may invoke the agent, review any use of N8N_API_KEY, and only allow callbacks to trusted n8n URLs.

Static analysis

Env credential access (Critical finding): environment variable access combined with a network send.

Exposed secret literal (Critical finding): a file appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the webhook token is exposed or the n8n workflow is misconfigured, a remote workflow could make the connected agent perform unintended actions.

Why it was flagged

An authenticated webhook request can choose the workflow, action, and parameters that are passed directly to the configured agent executor, with no visible allowlist, per-action confirmation, or containment.

Skill content
const { workflow, action, params, callbackUrl } = req.body; ... result = await this.options.executor.execute(workflow, action, params);
Recommendation

Use a strong unique token, keep the server bound to localhost or a protected network, and add an explicit allowlist for permitted workflows/actions before connecting powerful agents.

What this means

A known default token can let unintended callers trigger agent work if the server is reachable beyond the local machine.

Why it was flagged

The server falls back to a public, documented default token for authentication, which materially weakens the permission boundary if users do not set N8N_AUTH_TOKEN.

Skill content
authToken: options.authToken || process.env.N8N_AUTH_TOKEN || 'n8n-webhook-token'
Recommendation

Require users to set a strong N8N_AUTH_TOKEN and fail closed when no token is configured, especially for any non-local deployment.

What this means

If used, the skill may have more n8n account power than a user expects from a webhook-only integration.

Why it was flagged

The included API client can use an n8n API key to create/update/delete workflows and list credentials, but SKILL.md and metadata do not clearly disclose this broader account authority.

Skill content
this.apiKey = options.apiKey || process.env.N8N_API_KEY; ... async saveWorkflow(workflow) ... async deleteWorkflow(workflowId) ... async listCredentials()
Recommendation

Document N8N_API_KEY usage, declare the credential in metadata, and separate or gate destructive API methods such as deleteWorkflow behind explicit user confirmation.

What this means

A misconfigured or malicious callback URL could receive agent output and the webhook token, or cause the server to make unintended network requests.

Why it was flagged

The callback destination is supplied by the incoming request, and the code posts agent results plus the webhook token to that URL without validating the destination.

Skill content
if (callbackUrl) { await this._callbackToN8n(callbackUrl, { workflow, action, result }); } ... 'X-N8N-Token': this.options.authToken
Recommendation

Validate callback URLs against an allowlist, avoid sending the server auth token to arbitrary callback destinations, and document exactly what data is returned.

What this means

Users have less provenance information for verifying where the runnable package came from.

Why it was flagged

The package contains runnable Node.js files and SKILL.md documents npm-based setup, but the registry metadata does not provide a source/homepage or install specification.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Install only from a trusted registry/source, and ask the publisher to add a verifiable repository, install spec, and declared runtime requirements.