ClawAudit verdict

n8n-operator

45
🟠 Risky
Significant concerns — only install if you understand the risks

The skill requires credential access for N8N_API_KEY and uses network_out and network_in capabilities, which could be risky if not properly handled.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

93
security
90
transparency
90
maintenance

Findings (2)

Coarse signal — prose, single-step high

Instruction-prose smuggling shape detected: collects a sensitive target ("API Key") and emits it outward ("POST"). Phrased as prose with no trigger tokens — a semantic prompt-injection / data-exfil pattern the syntactic scanners can't see. Final tier capped at Caution; review the instructions before installing.

SKILL.md · | 问题 | 原因 | 解决 | |------|------|------| | 401 | API Key 无效 | 重新生成 | | 400 `active is read-only` | 传了 `active` | 不传,用 POST /activate | | 400 `tags is read-only`

Pattern match low

Python os.getenv — reads environment variable

scripts/n8n_api.py · prose · downgraded · os.getenv(

Permissions & capabilities

Requires 2 environment variables. (1 sensitive: N8N_API_KEY). Requires 1 system binary. (1 elevated: curl).

credential_accessnetwork_outnetwork_in

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API