github-mirrors/n8n-skills
1
0
Fork 0
mirror of https://mirror.skon.top/github.com/czlonkowski/n8n-skills synced 2026-04-20 12:52:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Document n8n_manage_credentials and n8n_audit_instance tools (n8n-mcp v2.47.0)

Browse Source 
Add comprehensive documentation for two new n8n-mcp tools:
- n8n_manage_credentials: Full credential CRUD (list, get, create, update, delete)
  plus schema discovery (getSchema), with security notes on response stripping,
  log redaction, and get fallback behavior (v2.47.1)
- n8n_audit_instance: Security audit combining n8n built-in audit (5 risk
  categories) with custom deep scan (hardcoded secrets, unauthenticated webhooks,
  error handling, data retention)

Updated skills: n8n-mcp-tools-expert, n8n-validation-expert
Updated: CLAUDE.md, dist packages

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
czlonkowski
2026-04-04 13:15:36 +02:00
parent 6a6b618ab6
commit 2ee34c0eef
7 changed files with 280 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CLAUDE.md
View File

@@ -94,6 +94,12 @@ The n8n-mcp server provides these unified tools:
### Data Tables ### Data Tables
- `n8n_manage_datatable` - Manage data tables and rows (CRUD, filtering, dry-run) - `n8n_manage_datatable` - Manage data tables and rows (CRUD, filtering, dry-run)
### Credential Management
- `n8n_manage_credentials` - Full credential CRUD (list, get, create, update, delete) + schema discovery (`getSchema`)
### Security & Audit
- `n8n_audit_instance` - Security audit combining n8n built-in audit (5 risk categories) + custom deep scan (hardcoded secrets, unauthenticated webhooks, error handling, data retention)
### Templates ### Templates
- `search_templates` - Multiple modes (keyword, by_nodes, by_task, by_metadata) - `search_templates` - Multiple modes (keyword, by_nodes, by_task, by_metadata)
- `get_template` - Get template details - `get_template` - Get template details

BIN
dist/n8n-mcp-skills-v1.3.0.zip vendored
View File

Binary file not shown.

BIN
dist/n8n-mcp-tools-expert-v1.3.0.zip vendored
View File

Binary file not shown.

BIN
dist/n8n-validation-expert-v1.3.0.zip vendored
View File

Binary file not shown.

118
skills/n8n-mcp-tools-expert/SKILL.md
View File

@@ -1,6 +1,6 @@
--- ---
name: n8n-mcp-tools-expert name: n8n-mcp-tools-expert
description: Expert guide for using n8n-mcp MCP tools effectively. Use when searching for nodes, validating configurations, accessing templates, managing workflows, or using any n8n-mcp tool. Provides tool selection guidance, parameter formats, and common patterns. description: Expert guide for using n8n-mcp MCP tools effectively. Use when searching for nodes, validating configurations, accessing templates, managing workflows, managing credentials, auditing instance security, or using any n8n-mcp tool. Provides tool selection guidance, parameter formats, and common patterns.
--- ---
# n8n MCP Tools Expert # n8n MCP Tools Expert
@@ -18,7 +18,9 @@ n8n-mcp provides tools organized into categories:
3. **Workflow Management** → [WORKFLOW_GUIDE.md](WORKFLOW_GUIDE.md) 3. **Workflow Management** → [WORKFLOW_GUIDE.md](WORKFLOW_GUIDE.md)
4. **Template Library** - Search and deploy 2,700+ real workflows 4. **Template Library** - Search and deploy 2,700+ real workflows
5. **Data Tables** - Manage n8n data tables and rows (`n8n_manage_datatable`) 5. **Data Tables** - Manage n8n data tables and rows (`n8n_manage_datatable`)
6. **Documentation & Guides** - Tool docs, AI agent guide, Code node guides 6. **Credential Management** - Full credential CRUD + schema discovery (`n8n_manage_credentials`)
7. **Security & Audit** - Instance security auditing with custom deep scan (`n8n_audit_instance`)
8. **Documentation & Guides** - Tool docs, AI agent guide, Code node guides
--- ---
@@ -36,6 +38,8 @@ n8n-mcp provides tools organized into categories:
| `validate_workflow` | Checking complete workflow | 100-500ms | | `validate_workflow` | Checking complete workflow | 100-500ms |
| `n8n_deploy_template` | Deploy template to n8n instance | 200-500ms | | `n8n_deploy_template` | Deploy template to n8n instance | 200-500ms |
| `n8n_manage_datatable` | Managing data tables and rows | 50-500ms | | `n8n_manage_datatable` | Managing data tables and rows | 50-500ms |
| `n8n_manage_credentials` | Credential CRUD + schema discovery | 50-500ms |
| `n8n_audit_instance` | Security audit (built-in + custom scan) | 500-5000ms |
| `n8n_autofix_workflow` | Auto-fix validation errors | 200-1500ms | | `n8n_autofix_workflow` | Auto-fix validation errors | 200-1500ms |
--- ---
@@ -388,6 +392,8 @@ See [WORKFLOW_GUIDE.md](WORKFLOW_GUIDE.md) for:
- Workflow activation (activateWorkflow/deactivateWorkflow) - Workflow activation (activateWorkflow/deactivateWorkflow)
- n8n_deploy_template - n8n_deploy_template
- n8n_workflow_versions - n8n_workflow_versions
- n8n_manage_credentials (credential CRUD + schema discovery)
- n8n_audit_instance (security auditing)
--- ---
@@ -518,6 +524,106 @@ n8n_manage_datatable({
--- ---
## Credential Management
### n8n_manage_credentials
Unified tool for managing n8n credentials. Supports full CRUD operations and schema discovery.
**Actions**: `list`, `get`, `create`, `update`, `delete`, `getSchema`
```javascript
// List all credentials
n8n_manage_credentials({action: "list"})
// → Returns: id, name, type, createdAt, updatedAt (never exposes secrets)
// Get credential by ID
n8n_manage_credentials({action: "get", id: "123"})
// → Returns: credential metadata (data field stripped for security)
// Discover required fields for a credential type
n8n_manage_credentials({action: "getSchema", credentialType: "httpHeaderAuth"})
// → Returns: required fields, types, descriptions
// Create credential
n8n_manage_credentials({
action: "create",
name: "My Slack Token",
type: "slackApi",
data: {accessToken: "xoxb-..."}
})
// Update credential
n8n_manage_credentials({
action: "update",
id: "123",
name: "Updated Name",
data: {accessToken: "xoxb-new-..."},
type: "slackApi" // Optional, needed by some n8n versions
})
// Delete credential
n8n_manage_credentials({action: "delete", id: "123"})
```
**Security**:
- `get`, `create`, and `update` responses strip the `data` field (defense-in-depth)
- `get` action falls back to list+filter if direct GET returns 403/405 (not all n8n versions expose this endpoint)
- Credential request bodies are redacted from debug logs
**Best practices**:
- Use `getSchema` before `create` to discover required fields for a credential type
- The `data` field contains the actual secret values — provide it only on create/update
- Always verify credential creation by listing afterward
---
## Security & Audit
### n8n_audit_instance
Security audit tool that combines n8n's built-in audit with custom deep scanning of all workflows.
```javascript
// Full audit (default — runs both built-in + custom scan)
n8n_audit_instance()
// Built-in audit only (specific categories)
n8n_audit_instance({
categories: ["credentials", "nodes"],
includeCustomScan: false
})
// Custom scan only (specific checks)
n8n_audit_instance({
customChecks: ["hardcoded_secrets", "unauthenticated_webhooks"]
})
```
**Built-in audit categories**: `credentials`, `database`, `nodes`, `instance`, `filesystem`
**Custom deep scan checks**:
- `hardcoded_secrets` — Detects 50+ patterns for API keys, tokens, passwords (OpenAI, AWS, Stripe, GitHub, Slack, etc.) plus PII (email, phone, credit card). Secrets are masked in output (first 6 + last 4 chars).
- `unauthenticated_webhooks` — Flags webhook/form triggers without authentication
- `error_handling` — Flags workflows with 3+ nodes and no error handling
- `data_retention` — Flags workflows saving all execution data (success + failure)
**Parameters** (all optional):
- `categories` — Array of built-in audit categories
- `includeCustomScan` — Boolean (default: `true`)
- `customChecks` — Array subset of the 4 custom checks
- `daysAbandonedWorkflow` — Days threshold for abandoned workflow detection
**Output**: Actionable markdown report with:
- Summary table (critical/high/medium/low finding counts)
- Findings grouped by workflow
- Remediation Playbook with three sections:
- **Auto-fixable** — Items you can fix with tool chains (e.g., add auth to webhooks)
- **Requires review** — Items needing human judgment (e.g., PII detection)
- **Requires user action** — Items needing manual intervention (e.g., rotate exposed keys)
---
## Self-Help Tools ## Self-Help Tools
### Get Tool Documentation ### Get Tool Documentation
@@ -580,6 +686,8 @@ n8n_health_check({mode: "diagnostic"})
- n8n_workflow_versions - n8n_workflow_versions
- n8n_autofix_workflow - n8n_autofix_workflow
- n8n_manage_datatable - n8n_manage_datatable
- n8n_manage_credentials
- n8n_audit_instance
If API tools unavailable, use templates and validation-only workflows. If API tools unavailable, use templates and validation-only workflows.
@@ -649,6 +757,8 @@ validate_node({nodeType: "nodes-base.webhook", config: {}, mode: "minimal"})
| validate_node (minimal) | <50ms | Small | | validate_node (minimal) | <50ms | Small |
| validate_node (full) | <100ms | Medium | | validate_node (full) | <100ms | Medium |
| validate_workflow | 100-500ms | Medium | | validate_workflow | 100-500ms | Medium |
| n8n_manage_credentials | 50-500ms | Small-Medium |
| n8n_audit_instance | 500-5000ms | Large |
| n8n_create_workflow | 100-500ms | Medium | | n8n_create_workflow | 100-500ms | Medium |
| n8n_update_partial_workflow | 50-200ms | Small | | n8n_update_partial_workflow | 50-200ms | Small |
| n8n_deploy_template | 200-500ms | Medium | | n8n_deploy_template | 200-500ms | Medium |
@@ -691,7 +801,9 @@ validate_node({nodeType: "nodes-base.webhook", config: {}, mode: "minimal"})
7. Workflows can be **activated via API** (`activateWorkflow` operation) 7. Workflows can be **activated via API** (`activateWorkflow` operation)
8. Workflows are built **iteratively** (56s avg between edits) 8. Workflows are built **iteratively** (56s avg between edits)
9. **Data tables** managed with `n8n_manage_datatable` (CRUD + filtering) 9. **Data tables** managed with `n8n_manage_datatable` (CRUD + filtering)
10. **AI agent guide** available via `ai_agents_guide()` tool 10. **Credentials** managed with `n8n_manage_credentials` (CRUD + schema discovery)
11. **Security audits** via `n8n_audit_instance` (built-in + custom deep scan)
12. **AI agent guide** available via `ai_agents_guide()` tool
**Common Workflow**: **Common Workflow**:
1. search_nodes → find node 1. search_nodes → find node

157
skills/n8n-mcp-tools-expert/WORKFLOW_GUIDE.md
View File

@@ -523,6 +523,161 @@ n8n_test_workflow({
--- ---
## n8n_manage_credentials (CREDENTIAL MANAGEMENT)
**Speed**: 50-500ms
**Use when**: Creating, updating, listing, or deleting credentials; discovering credential schemas
### 6 Actions
1. `list` - List all credentials (id, name, type, timestamps)
2. `get` - Get credential by ID (data field stripped)
3. `create` - Create credential (requires name, type, data)
4. `update` - Update credential by ID (name, data, and/or type)
5. `delete` - Permanently delete credential by ID
6. `getSchema` - Discover required fields for a credential type
### List Credentials
```javascript
n8n_manage_credentials({action: "list"})
// → [{id, name, type, createdAt, updatedAt}, ...]
```
### Get Credential
```javascript
n8n_manage_credentials({action: "get", id: "123"})
// → {id, name, type, ...} (data field stripped for security)
// Falls back to list+filter if GET returns 403/405
```
### Discover Schema
```javascript
n8n_manage_credentials({
action: "getSchema",
credentialType: "httpHeaderAuth"
})
// → Required fields, types, descriptions for this credential type
```
### Create Credential
```javascript
n8n_manage_credentials({
action: "create",
name: "My Slack Token",
type: "slackApi",
data: {accessToken: "xoxb-your-token"}
})
// → Created credential (data field stripped from response)
```
### Update Credential
```javascript
n8n_manage_credentials({
action: "update",
id: "123",
name: "Updated Slack Token",
data: {accessToken: "xoxb-new-token"},
type: "slackApi" // Optional, some n8n versions require it
})
// → Updated credential (data field stripped from response)
```
### Delete Credential
```javascript
n8n_manage_credentials({action: "delete", id: "123"})
```
### Typical Workflow: Set Up Credentials for a New Integration
```javascript
// 1. Discover what fields are needed
n8n_manage_credentials({
action: "getSchema",
credentialType: "slackApi"
})
// 2. Create the credential
n8n_manage_credentials({
action: "create",
name: "Production Slack",
type: "slackApi",
data: {accessToken: "xoxb-..."}
})
// 3. Verify it was created
n8n_manage_credentials({action: "list"})
```
### Security Notes
- **Response stripping**: `get`, `create`, and `update` all strip the `data` field from responses (defense-in-depth — secrets are never returned)
- **Log redaction**: Credential request bodies are redacted from debug logs
- **Fallback resilience**: `get` falls back to list+filter when `GET /credentials/:id` returns 403/405 (endpoint not in all n8n versions)
---
## n8n_audit_instance (SECURITY AUDIT)
**Speed**: 500-5000ms (scans all workflows)
**Use when**: Auditing instance security, finding hardcoded secrets, checking for unauthenticated webhooks, verifying error handling
### Two Scanning Approaches
**1. Built-in Audit** (via n8n's `POST /audit` API):
- 5 risk categories: `credentials`, `database`, `nodes`, `instance`, `filesystem`
- Wraps n8n's native audit endpoint; gracefully degrades if unavailable
**2. Custom Deep Scan** (workflow analysis):
- `hardcoded_secrets` — 50+ regex patterns for API keys/tokens/passwords plus PII detection
- `unauthenticated_webhooks` — Webhook/form triggers without authentication
- `error_handling` — Workflows with 3+ nodes and no error handling
- `data_retention` — Workflows saving all execution data
### Examples
```javascript
// Full audit (default)
n8n_audit_instance()
// Built-in audit only
n8n_audit_instance({
categories: ["credentials", "nodes", "instance"],
includeCustomScan: false
})
// Custom scan only — specific checks
n8n_audit_instance({
customChecks: ["hardcoded_secrets", "unauthenticated_webhooks"]
})
// Custom abandoned workflow threshold
n8n_audit_instance({
daysAbandonedWorkflow: 90
})
```
### Output
Returns an actionable markdown report with:
- **Summary table**: Critical/high/medium/low finding counts
- **Findings by workflow**: Per-workflow tables of issues
- **Built-in audit results**: n8n's native audit findings
- **Remediation Playbook**:
- Auto-fixable items (with tool chains to apply)
- Items requiring review (human judgment needed)
- Items requiring user action (e.g., key rotation)
### Secret Masking
Detected secrets are masked in output — shows first 6 + last 4 characters only. Raw values are never stored or returned.
### Remediation Types
- `auto_fixable` — Can be fixed with MCP tools (e.g., add webhook auth)
- `review_recommended` — Needs human judgment (e.g., PII detection)
- `user_input_needed` — Requires user decision (e.g., choose auth method)
- `user_action_needed` — Manual action required (e.g., rotate exposed API key)
---
## n8n_validate_workflow (by ID) ## n8n_validate_workflow (by ID)
**Use when**: Validating workflow stored in n8n **Use when**: Validating workflow stored in n8n
@@ -709,6 +864,8 @@ update → update → update → ... (56s avg between edits)
- `n8n_test_workflow` - Trigger execution - `n8n_test_workflow` - Trigger execution
- `n8n_executions` - Manage executions - `n8n_executions` - Manage executions
- `n8n_manage_datatable` - Data table and row management - `n8n_manage_datatable` - Data table and row management
- `n8n_manage_credentials` - Credential CRUD + schema discovery
- `n8n_audit_instance` - Security audit (built-in + custom scan)
- `n8n_delete_workflow` - Permanently delete workflows - `n8n_delete_workflow` - Permanently delete workflows
- `n8n_list_workflows` - List workflows with filtering - `n8n_list_workflows` - List workflows with filtering
- `n8n_update_full_workflow` - Full workflow replacement - `n8n_update_full_workflow` - Full workflow replacement

3
skills/n8n-validation-expert/SKILL.md
View File

@@ -754,7 +754,8 @@ For comprehensive error catalogs and false positive examples:
3. Review warnings and decide if acceptable 3. Review warnings and decide if acceptable
4. Deploy with confidence 4. Deploy with confidence
**Related Skills**: **Related Skills & Tools**:
- n8n MCP Tools Expert - Use validation tools correctly - n8n MCP Tools Expert - Use validation tools correctly
- n8n Expression Syntax - Fix expression errors - n8n Expression Syntax - Fix expression errors
- n8n Node Configuration - Understand required fields - n8n Node Configuration - Understand required fields
- `n8n_audit_instance` - Proactive security validation (hardcoded secrets, unauthenticated webhooks, missing error handling, data retention)