B 15/100

n8n-mcp-server
mcp | 0.1.8
MCP server that provides tools and resources for interacting with n8n API
By leonardsellem | 2 findings | Scanned 3/22/2026 | tooltrust-scanner/v0.1.15
1 High, 1 Medium
Security Findings (2)
- High: Rug-Pull (Post-Install Description Change)
Tool set changed silently at v0.1.8: 1 tool(s) added, 27 tool(s) removed without a version bump.
+ 1 added: create_workflow
− 27 removed: n8n_activate_workflow, n8n_create_credential, n8n_create_tag, n8n_create_workflow, n8n_deactivate_workflow, n8n_delete_credential, n8n_delete_execution, n8n_delete_tag, n8n_delete_user, n8n_delete_workflow, n8n_execute_workflow, n8n_get_credential_schema, n8n_get_execution, n8n_get_tag, n8n_get_user, n8n_get_workflow, n8n_get_workflow_tags, n8n_list_executions, n8n_list_tags, n8n_list_users, n8n_list_workflows, n8n_retry_execution, n8n_update_credential, n8n_update_tag, n8n_update_user_role, n8n_update_workflow, n8n_update_workflow_tags
Rule: AS-012
Fix: The set of tools exposed by this server changed between scans of the same version — a sign the package was silently updated without a version bump. Audit the changelog and all tool definitions before trusting this server. Pin to a specific commit hash rather than a floating version tag.
- Medium: Excessive Permission Surface
create_workflow: tool declares fs permission
Rule: AS-002
Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Scan this tool yourself
Reproduce this audit locally or block risky tools in CI.
Install once, then scan any MCP server:
$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y n8n-mcp-server"
Adjust the package name if your npm registry name differs from the tool ID.