← Back to Skills Marketplace

N8n Operator

Name: N8n Operator
Author: lujun2508

by lujun2508 · GitHub ↗ · v2.0.1 · MIT-0

cross-platform ⚠ suspicious

167

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install n8n-operator

Description

n8n 工作流助手 - 通过 REST API 设计、创建、修改和管理 n8n 工作流。适合：自动化工程师、DevOps、流程编排。

Usage Guidance

This skill appears to implement an n8n REST operator, but exercise caution: 1) Review the included Python scripts before use — they expect Python and the 'requests' package (these deps are not declared). 2) Do NOT blindly follow instructions that modify your OpenClaw agent files (e.g., C:\Users\<user>\.openclaw\cron\jobs.json) or that mount your Desktop into containers or run containers as root unless you understand and accept the security implications. 3) Restrict the N8N_API_KEY to a test/dedicated n8n instance and limit its privileges. 4) If you only need API operations, prefer running the client code in an isolated environment (separate VM/container) and avoid host filesystem mappings. 5) If you plan to install, audit the scripts for any file reads/writes or outgoing network calls beyond the n8n API, and add explicit python runtime and dependency declarations before executing. If you are unsure, treat this skill as untrusted until you validate the code and remove or modify instructions that alter host agent config or expose host files.

Capability Analysis

Type: OpenClaw Skill Name: n8n-operator Version: 2.0.1 The skill bundle provides a comprehensive toolkit for managing n8n workflows via REST API, including Python scripts for API interaction (n8n_api.py) and performance analysis (n8n_optimizer.py). It is classified as suspicious because it contains instructions in SKILL.md and references/desktop-write.md that encourage high-risk system configurations, such as running Docker containers as root (user: '0:0'), bypassing n8n sandboxes to write directly to the host's desktop, and directing the AI agent to manually edit local configuration files at specific hardcoded paths (C:\Users\lujun\.openclaw\cron\jobs.json). While these capabilities are aligned with the stated purpose of advanced workflow automation, they introduce significant security risks and represent a broad attack surface if the agent is exploited via prompt injection.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

Name/description, required env vars (N8N_BASE_URL, N8N_API_KEY), and curl usage are coherent for an n8n REST operator. However, the bundle includes multiple Python scripts (clients, optimizer, tester) which assume a Python runtime and the 'requests' library, but SKILL metadata only declares curl and does not declare Python or Python deps—this is an inconsistency. Some included reference docs (desktop-write.md) provide container and host mapping guidance that expand scope beyond pure API management.

⚠ Instruction Scope

SKILL.md instructs the agent and user to edit local agent/system files (e.g., C:\Users\lujun\.openclaw\cron\jobs.json) and to modify docker-compose to map a user's Desktop into an n8n container and run the container as root. Those steps reference host-specific paths and grant host filesystem access to workflows — actions outside the narrow purpose of managing workflows via REST and risky for user systems. The instructions also hardcode a specific user path and recommend modifying OpenClaw agent cron files, which is out-of-scope and potentially dangerous.

✓ Install Mechanism

This is instruction-only with no install spec (no downloads, no archive extraction), which is lowest-risk for installation. However, runtime behavior may require Python and third-party libraries present on the host; those dependencies are not declared.

ℹ Credentials

Requested environment variables (N8N_BASE_URL, N8N_API_KEY) are appropriate and expected for n8n REST access. No unrelated secrets are requested. Minor proportionality issue: the skill's files expect a Python runtime (and network access) but the declared required binaries do not include python/python3 or declare the 'requests' library.

⚠ Persistence & Privilege

always is false (good). But SKILL.md explicitly tells users/agents to edit the OpenClaw cron jobs.json and to map host desktop directories into containers, effectively encouraging persistent host-level modifications and broad filesystem access. The skill also suggests running containers as root; combined with writing to host Desktop this increases privilege and persistence risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install n8n-operator
After installation, invoke the skill by name or use /n8n-operator
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.1

新增：n8n 写入 Windows 桌面文件配置（desktop-write.md）+ 实战教训 fs模块被屏蔽解决方案

v1.4.0

- Updated environment variable example: replaced old demo API Key in N8N_API_KEY with a new sample value. - No functional or API changes—documentation update only.

v1.3.0

n8n-operator 1.3.0 introduces script tools for API automation and workflow testing. - Added n8n API Python wrapper (scripts/n8n_api.py) - Added workflow optimizer script (scripts/n8n_optimizer.py) - Added workflow tester script (scripts/n8n_tester.py) - Added API reference documentation (references/references/api.md)

v1.2.0

n8n-operator 1.2.0 - Documentation (SKILL.md) structure and non-functional content were updated or maintained. - No functional or code-related changes were introduced in this update. - Version number in SKILL.md remains at 1.1.0 (no semantic update reflected inside documentation).

v1.1.0

n8n-operator 1.1.0 - Added detailed, step-by-step usage guide for managing n8n workflows via REST API, with real n8n 2.x compatibility notes and troubleshooting tips. - Included strict instructions for workflow creation, modification, activation, execution, and deletion, based on verified n8n 2.x REST API behaviors. - Documented environment variable requirements, authentication headers, and pre-connection checks for safe usage. - Provided full JSON request examples and API endpoint references for workflows and credentials management. - Outlined best practices and common pitfalls for API payload structure, especially with fields like active, tags, and node connections. - Clarified when to automatically activate this skill and the typical user requests that should trigger it.

Metadata

Slug n8n-operator

Version 2.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is N8n Operator?

n8n 工作流助手 - 通过 REST API 设计、创建、修改和管理 n8n 工作流。适合：自动化工程师、DevOps、流程编排。 It is an AI Agent Skill for Claude Code / OpenClaw, with 167 downloads so far.

How do I install N8n Operator?

Run "/install n8n-operator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is N8n Operator free?

Yes, N8n Operator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does N8n Operator support?

N8n Operator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created N8n Operator?

It is built and maintained by lujun2508 (@lujun2508); the current version is v2.0.1.

More Skills