n8n_list_workflows - filter by active, tags, name (substring), limit. Returns id, name, active state, tags, updatedAt.

n8n_get_workflow - fetch one by id. Returns metadata by default. Pass includeDefinition: true for the full node graph + connections.

n8n_list_executions - filter by workflowId, status (success/error/running/waiting/canceled), limit. Returns id, workflowId, workflowName, status, mode, startedAt, stoppedAt.

n8n_get_execution - includes per-node run log (truncated to maxExecutionLogBytes, default 64 KB) and the raw error object verbatim when status is error. Pass includeRunData: false to skip the run log.

n8n_search_executions - defaults to scanning status=error executions for a query fragment (e.g. ECONNREFUSED) and returning matches with workflow context + a snippet around each hit. scope: "error" (default) greps the error payload only; scope: "all" also greps full per-node run data (slower, may return node outputs - treat snippets as sensitive). Optional workflowId, status, limit (default 50, max 250), maxMatches (default 20), snippetChars (default 160). Returns matches plus a skipped array for any execution that failed to fetch.

n8n_list_webhooks - scans workflows for webhook and form-trigger nodes and returns their paths + fully-formed triggerUrl. Pairs with n8n_trigger mode='webhook'. Optional workflowId, activeOnly (default true), limit (default 50).

n8n_validate_workflow - checks for deprecated node types (function → code), legacy Code-node API ($node[], items global, require()), orphan nodes, disabled nodes, missing trigger. Returns issues with severity (error/warning/info) plus a summary count.

n8n_list_schedules - scans n8n-nodes-base.scheduleTrigger and the legacy n8n-nodes-base.cron nodes across workflows and decodes each interval rule into a human-readable string. Answers "what's running at 3am?" without clicking through the n8n UI. Supported rule fields: seconds / minutes / hours / days / weeks / months (with triggerAtHour, triggerAtMinute, triggerAtDay, triggerAtDayOfMonth) and raw cronExpression. One entry per interval — multi-interval rules emit multiple rows. Each row includes workflowId, workflowName, active, nodeName, nodeType, schedule, field, optional cronExpression, and the original raw rule for further inspection. Optional workflowId (single-workflow scan), activeOnly (default true — inactive schedules don't fire), limit (default 100, max 250).

n8n_diff_workflow - compare a workflow's current state against a snapshot. Pass id plus exactly one of snapshotPath (absolute path; ~ resolved) or snapshot (inline object). Snapshot accepts both shapes: the flat backup written by n8n_save_workflow / n8n_delete_workflow, and the nested n8n_get_workflow(includeDefinition=true) shape (graph data under definition). Returns summary (counts: added/removed/modified/nameChanged/connectionsChanged/settingsChanged) plus diff with per-node fieldsChanged paths (e.g. parameters.command, parameters.url, disabled). Node matching is two-pass: id first, then name fallback for any unmatched nodes — handles legacy/hand-edited snapshots. Cosmetic changes (position, webhookId) are suppressed by default; pass ignoreCosmetic: false to surface them. Per-node detail is capped at maxModifiedDetails (default 50, max 500); summary.nodesModified counter is uncapped and diff.nodesModifiedTruncated: true flags when detail was clipped. Read-only.

n8n_audit_browser_bridge_usage - scans every workflow for nodes that invoke the browser-bridge CLI. Inspects command (Execute Command + SSH nodes) and jsCode / pythonCode / functionCode (Code + legacy Function nodes). Heuristic: \bbrowser-bridge\.[cm]?js followed by two kebab-slug args; the bare bin form is intentionally not detected to avoid false positives from path mentions like cd /opt/browser-bridge. Returns one finding per (workflowId, nodeName, platform, action) plus a summary of platform×action counts. Optional platform, action, activeOnly (default false), includeArchived (default false), maxWorkflows (default 250, max 1000), concurrency (default 3, max 8). Read-only. Pairs with n8n_scaffold_browser_bridge_node when you need to add another call. Companion repo: browser-bridge.

n8n_scaffold_browser_bridge_node - pure local generator (no n8n API call). Given platform, action, optional input JSON, and mode: "code-node" | "execute-command" (default code-node), emits a ready-to-paste n8n node JSON that mirrors browser-bridge's docs/n8n-usage.md patterns. The Code node uses spawnSync with stdin JSON and surfaces payload.exitCode + stderr so downstream nodes can branch on ok. The Execute Command node uses a quoted <<'JSON' heredoc so the input passes through unmangled. Optional bridgeDir (default /home/clawdbot/.openclaw/workspace/pipeline/work/browser-bridge), nodeName, position. Platform/action are validated as kebab slugs - keeps them safe to interpolate into the shell command. Warns when execute-command is used with non-empty input (heredoc bakes the JSON in; no per-item upstream wiring).

n8n_trigger - two modes:

• mode: "webhook" + webhookPath - POST (or GET/PUT/DELETE) to the configured base URL + path, with an optional JSON payload. This is the reliable path.
• mode: "workflow" + workflowId - attempts POST /api/v1/workflows/:id/execute. Pre-checks that the workflow is active and has a webhook/manual/form trigger. Most n8n builds don't expose this endpoint on the Public API and will 405; the tool surfaces a hint to switch to webhook mode.

n8n_create_workflow - POST /workflows. Accepts the full output of n8n_get_workflow (with includeDefinition=true) directly. Strips read-only fields (id, active, createdAt, updatedAt, isArchived, versionId, triggerCount, tags, shared, meta, pinData) before POSTing - n8n enforces additionalProperties: false on the workflow schema and will 400 on any readOnly field. Runs n8n_validate_workflow on the proposed state as a pre-check; errors block, warnings pass through (pass skipValidation: true to bypass). No confirm gate - creation is non-destructive. The new workflow is created INACTIVE; call n8n_activate afterwards if you want triggers running. This is the primary restore path for n8n_delete_workflow snapshots: read the backup file into definition and call this tool. The restored workflow gets a new id.

n8n_activate / n8n_deactivate - idempotent. Deactivating does not cancel running executions.

n8n_save_workflow - before writing: fetches the current version, snapshots it to backupDir as <id>-<timestamp>.json (mode 0600), runs validateWorkflow on the proposed state, and aborts on error-severity issues (pass skipValidation: true to bypass). Requires confirm: true to actually PUT; calling with confirm: false returns ok: false and never touches the API (omitting confirm is rejected at the MCP schema layer). Response includes the backup path and a restoreHint.

n8n_archive_workflow - POST /workflows/{id}/archive. Soft-deletes a workflow: triggers stop firing, the workflow disappears from the default UI list, but the definition and execution history are preserved. Idempotent (archiving an already-archived workflow returns the current state). No confirm gate - this is the safe cleanup path. Archiving deactivates as a side effect; the response surfaces active: false explicitly. Returns ok: false with reason: "not_found" on 404.

n8n_unarchive_workflow - POST /workflows/{id}/unarchive. Restores an archived workflow. Does NOT reactivate - triggers stay off until you call n8n_activate explicitly. Returns ok: false with reason: "not_found" on 404.

n8n_delete_workflow - DELETE /workflows/{id}. Permanent, irreversible. Before firing the DELETE: fetches the current workflow and snapshots it to backupDir as <id>-DELETED-<timestamp>.json (mode 0600). If the snapshot can't be written, the DELETE is aborted - there is no un-safety-netted path. Requires confirm: true; omitting it or passing false returns ok: false and never touches the API. Returns ok: false with reason: "not_found" on 404 (either before or after the snapshot). Restore is one-call via n8n_create_workflow with the snapshot contents; the restored workflow gets a new id and is created inactive. Deleting does NOT cancel running executions - use n8n_list_executions(workflowId, status='running') + n8n_cancel_execution first if needed. Prefer n8n_archive_workflow for cleanup if you want to preserve the original id.

n8n_cancel_execution - POST /executions/{id}/stop. Closes the triage loop after n8n_search_executions locates a stuck run. Returns a success summary with the execution's final status, or ok: false with reason: "not_found_or_finished" if the id no longer matches a running execution (404).

n8n_retry_execution - POST /executions/{id}/retry. Creates a NEW execution - the response surfaces both originalExecutionId and newExecutionId so agents can follow up with n8n_get_execution on the retry. Optional loadWorkflow: true retries against the currently saved workflow instead of the version captured at original execution time. Returns ok: false with reason: "not_found" on 404 or reason: "not_retryable" on 409 (e.g. still running); all other API errors rethrow.

n8n_delete_execution - DELETE /executions/{id}. Permanently removes an execution record: logs, per-node run data, and error payloads are erased from n8n. Requires confirm: true to actually delete; calling with confirm: false returns ok: false and never touches the API (omitting confirm is rejected at the MCP schema layer). Returns ok: false with reason: "not_found" on 404; all other API errors rethrow. Not idempotent from an agent's perspective: the record is gone after the first successful call, so fetch n8n_get_execution first if you may need it later.

n8n_pin_node_data - pin sample data to a node so downstream nodes use it during testing/development without re-running the upstream node. Pairs naturally with n8n_scaffold_browser_bridge_node: scaffold a browser-bridge call, run it once, capture the output, pin it, then iterate on downstream nodes without re-spawning the browser. Inputs: id, nodeName (case-sensitive, must match an existing node), data (1-50 items; raw objects are auto-wrapped into {json: <object>}, items already shaped as {json: ..., binary?: ...} pass through unchanged), optional merge: true to append to existing pinned data instead of replacing (combined still capped at 50), confirm: true. Issues PUT /workflows/{id} with merged pinData plus the existing nodes/connections/settings/staticData (so the PUT does not blank them). Pinned data persists across executions until cleared — easy to forget; the response includes an unpinHint.

n8n_unpin_node_data - clear pinned data on one node (when nodeName is supplied) or the whole workflow (when omitted). Idempotent: clearing a node that wasn't pinned returns ok: true with noop: true and never touches the API. When clearing actually happens, the PUT includes the rest of the workflow body so other fields are not blanked. Requires confirm: true.

n8n_delete_executions - batch form. Client-side fan-out over DELETE /executions/{id} with bounded concurrency (default 3, max 10). Takes an ids array (deduped before fan-out, capped at 50), requires confirm: true. Response surfaces requested/attempted/deleted/alreadyDeleted/failed/skipped/aborted counters plus a results: Array<{id, ok, reason?, message?}> - order is completion order, not input order, so look up by id. 404 per id is treated as already_deleted (idempotent). A 5xx on any id aborts the batch via an AbortController: no new ids are claimed and any already-in-flight fetches are cancelled client-side. Under concurrency N, up to N-1 deletes may have already reached the server before the 5xx is observed, so the batch is best-effort, not transactional - clear signal the server is sick; don't retry blindly. Per-id error messages are passed through the API-key redactor. Compose with n8n_search_executions to purge a known set of noisy runs in one call.

n8n_retry_executions - batch form of retry. Same fan-out shape as n8n_delete_executions: bounded concurrency (default 3, max 10), capped at 50 ids, AbortController on 5xx, results in completion order. Differs in two ways: 404 per id is { ok: false, reason: "not_found" } (NOT idempotent — a missing execution is a real failure to surface), and each successful retry creates a NEW execution whose id is returned per row as newExecutionId. Counters: requested/attempted/retried/notFound/failed/skipped/aborted. Optional loadWorkflow: true retries every id against the currently saved workflow instead of the captured version. Confirm-gated — each retry runs the workflow again and may re-trigger side effects (HTTP calls, DB writes); verify the workflow is safe to re-run before confirming.

n8n_run_audit - POST /audit. Runs n8n's built-in security audit and returns one risk report per requested category: credentials (unused/abandoned), database (SQL-injection-prone expressions in query nodes), nodes (community/unofficial nodes), filesystem (host fs access from nodes), instance (insecure server settings). Each report has risk, sections (with title/description/recommendation/location). The tool also surfaces a flat reports array with per-report sectionCount/locationCount so an agent can decide what to drill into without reparsing the whole audit. Optional categories (omit for all five) and daysAbandonedWorkflow (n8n default 90). Read-only — n8n only inspects, never mutates. Requires the API user to be an instance admin or owner (n8n's audit endpoint enforces this).

n8n_find_workflows_using_node_type - composed read-only scanner. Walks every workflow (paginated, capped at maxWorkflows, default 250 / max 1000) and emits one finding per node matching the requested type. match: "exact" (default) is full-string equality on node.type; match: "contains" is case-insensitive substring (handy for "all Slack nodes across base + community packages"). Optional activeOnly (default false), includeArchived (default false), includeDisabledNodes (default true — disabled nodes are common drift signals worth surfacing), concurrency (default 3, max 8). Returns per-node findings plus a per-workflow summary sorted by match count descending. Per-workflow fetch errors land in fetchErrors instead of failing the whole scan. Pairs with n8n_audit_browser_bridge_usage (which schedules drive my browser-bridge calls?) and n8n_run_audit (which deprecated nodes need replacing?).

n8n_execution_stats - composed read-only aggregator over n8n_list_executions. Per-workflow counts (total/success/error/canceled/running/waiting/other), failure rate (error / (success + error + canceled)), avg + p95 runtime over completed executions, and lastFailureAt / lastSuccessAt. Optional workflowId (single-workflow stats), sinceHours (default 24, max 168 = 7d), maxExecutions (default 1000, max 5000), pageSize (default 250). Pagination stops on the first execution older than the window OR at maxExecutions; stoppedReason is one of "window", "cap", "exhausted". If truncated: true, increase maxExecutions or narrow sinceHours. The totals object includes the same counts + failureRate rolled across all workflows in the window. Useful for "which workflows are flaky?" and "what's running long?"

n8n_list_tags - GET /tags. Returns { data: [{id, name, createdAt, updatedAt}], nextCursor }. Optional limit (default 100, max 250) and cursor (from a previous call's nextCursor). Read-only.

n8n_get_workflow_tags - GET /workflows/{id}/tags. Returns the array of tag objects currently attached. Pairs with n8n_set_workflow_tags for diffs and reattach flows.

n8n_create_tag - POST /tags. No confirm gate — creating a tag is reversible via n8n_delete_tag and harmless on its own. The name is trimmed before send. Returns ok: false with reason: "conflict" on 409 (tag with this name already exists); use n8n_list_tags to find the existing id.

n8n_delete_tag - DELETE /tags/{id}. Confirm-gated. Cascades: n8n removes the tag from every workflow it was attached to. The workflows themselves are NOT deleted, only the tag association. Returns ok: false with reason: "not_found" on 404. To find affected workflows beforehand, use n8n_list_workflows(tags=<name>) or scan n8n_get_workflow_tags.

n8n_set_workflow_tags - PUT /workflows/{id}/tags. REPLACES the workflow's tag set (not append) — pass the full desired list. Empty tagIds: [] clears all tags. Tag ids are deduped before send. No confirm gate (reversible by re-setting). Returns ok: false with reason: "not_found" on 404 (the workflow id OR one of the tag ids does not exist; verify both with n8n_list_workflows and n8n_list_tags).

Hermes Agent reads MCP config from ~/.hermes/config.yaml:

mcp_servers:
  n8n:
    command: "n8n-ops-mcp"
    env:
      N8N_BASE_URL: "http://localhost:5678"
      N8N_API_KEY: "your-api-key-here"

Then reload from inside a session:

/reload-mcp

If you want to point OpenClaw at a local clone instead of the registry:

{
  "plugins": {
    "allow": ["n8n"],
    "load": {
      "paths": ["/absolute/path/to/n8n-ops-mcp"]
    },
    "entries": {
      "n8n": {
        "enabled": true,
        "config": {
          "baseUrl": "http://your-n8n-host:5678",
          "enableEdit": false
        }
      }
    }
  }
}