Plugin v0.13.0
ClawScan security
Package · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 27, 2026, 6:15 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and configuration align with its stated n8n ops purpose; the required access (n8n base URL + API key) is proportional, and there are no hidden network downloads or unrelated credential requests.
- Guidance: This package appears coherent for n8n ops: it needs your n8n base URL and API key so it can call the n8n HTTP API. Before enabling write features (enableEdit=true):
  - Prefer supplying the API key via an environment variable (leave apiKey blank and set N8N_API_KEY, or the variable named by apiKeyEnv) rather than embedding it inline.
  - Run in read-only mode first to inspect outputs; some queries (execution logs, search with scope="all") can surface sensitive node outputs or error payloads.
  - Review and set backupDir (default ~/.n8n-backups) to a safe location with appropriate permissions; backups are created before destructive operations.
  - Note that the README mentions an N8N_ENABLE_EDIT env var but the code uses the plugin config property enableEdit; make sure you understand which knob your host uses to enable edits.
  - If you do not trust the package author, review the included source (present in the bundle) before installing, and test against a non-production n8n instance first.
Review Dimensions
- Purpose & Capability
  - ok · The package implements an n8n client and many read/write tools (list, trigger, audit, save, delete, retry, backups) that match the name and description. The code requires an n8n base URL and an API key (either inline or via an env var), exactly what an n8n ops tool needs. No unrelated services, binaries, or hosts are requested.
- Instruction Scope
  - note · Tool instructions and code stay within n8n API interactions and local backup behavior. A caution: some read tools can return execution run-data or error payloads (and n8n_search_executions has a scope option that can return node outputs), so tool outputs may include sensitive data from workflows; the README and code warn about treating snippets as sensitive. Also, the README references an N8N_ENABLE_EDIT env var to show write tools, but the implementation actually uses the plugin config property enableEdit (a minor inconsistency in the control surface).
- Install Mechanism
  - ok · No remote download/install spec is included; the package provides source and a built dist/mcp-server.js. Nothing in the metadata indicates fetching arbitrary external archives or running installers. Dependencies are standard (modelcontextprotocol, zod, typebox).
- Credentials
  - ok · The only credential surface is the n8n API key (config.apiKey or an env var defaulting to N8N_API_KEY) and the baseUrl. That is appropriate and expected for a tool that talks to an n8n instance. No other unrelated secrets or system config paths are requested. Note: if you enable edit features, the plugin will write snapshots to backupDir (default ~/.n8n-backups); consider filesystem permissions.
- Persistence & Privilege
  - ok · The always flag is false and the skill does not request permanent agent-wide privileges. It may write workflow snapshots to the configured backupDir when performing saves or deletes, which is expected. The plugin does not modify other skills or global agent settings.
