74
/ 100
17 days ago
glama

n8n-mcp

A Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations, enabling them to build and validate workflows.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 12 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 7 credentials: AUTH_TOKEN, MCP_AUTH_TOKEN, N8N_API_KEY, N8N_MCP_LLM_API_KEY, OPENAI_API_KEY, SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies12 high12 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

highform-data@4.0.5GHSA-hmw2-7cc7-3qxx

form-data: CRLF injection in form-data via unescaped multipart field names and filenames

highaxios@1.14.0GHSA-35jp-ww65-95wh

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

highaxios@1.14.0GHSA-3g43-6gmg-66jw

axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

highaxios@1.14.0GHSA-6chq-wfr3-2hj9

Axios: Header Injection via Prototype Pollution

highaxios@1.14.0GHSA-777c-7fjr-54vf

Allocation of Resources Without Limits or Throttling in Axios

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configAUTH_RATE_LIMIT_MAX
configAUTH_RATE_LIMIT_WINDOW
🔐 secretAUTH_TOKEN
configAUTH_TOKEN_FILE
configAWS_EXECUTION_ENV
configAZURE_FUNCTIONS_ENVIRONMENT
configBASE_URL
configCORS_ORIGIN
configDISABLED_TOOLS
configDISABLE_CONSOLE_OUTPUT
configDISABLE_TELEMETRY
configENABLE_MULTI_TENANT
configFLY_APP_NAME
configGITHUB_ACTIONS
configGITHUB_REF
configGITHUB_REPOSITORY
configGITHUB_RUN_ID
configGITHUB_RUN_NUMBER
configGITHUB_SHA
configGIT_COMMIT
configGOOGLE_CLOUD_PROJECT
configHEROKU_APP_NAME
configHOST
configIS_CONTAINER
configIS_DOCKER
configKUBERNETES_SERVICE_HOST
configLOG_LEVEL
🔐 secretMCP_AUTH_TOKEN
configMCP_MODE
configMCP_PORT
configMCP_URL
configMETADATA_LIMIT
configMULTI_TENANT_ALLOW_CONCURRENT_SESSIONS
configMULTI_TENANT_SESSION_STRATEGY
🔐 secretN8N_API_KEYThese tools require N8N_API_URL and in your configuration.
configN8N_API_URLThese tools require and N8N_API_KEY in your configuration.
configN8N_CUSTOM_PATH
configN8N_MCP_CONFIG_VOLUME
configN8N_MCP_DB_PATH
🔐 secretN8N_MCP_LLM_API_KEY
configN8N_MCP_LLM_BASE_URL
configN8N_MCP_LLM_CONCURRENCY
configN8N_MCP_LLM_MODEL
configN8N_MCP_LLM_TIMEOUT
configN8N_MCP_MAX_SESSIONS
configN8N_MCP_TELEMETRY_DISABLED
configN8N_MCP_USER_ID
configN8N_MODE
configN8N_MODULES_PATH
configN8N_SKILLS_SOURCE
🔐 secretOPENAI_API_KEY
configOPENAI_BATCH_SIZE
configOPENAI_MODEL
configPORT
configPUBLIC_URL
configRENDER
configSESSION_TIMEOUT_MINUTES
configSKIP_WORKFLOW_VALIDATION
configSQLJS_SAVE_INTERVAL_MS
🔐 secretSUPABASE_ANON_KEY
🔐 secretSUPABASE_SERVICE_ROLE_KEY
configSUPABASE_URL
configTELEMETRY_DISABLED
configTRUST_PROXY
configUSE_FIXED_HTTP
configWORKFLOW_VERSION_RETENTION_DAYS
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/lucas-denzer-n8n-mcp-1no716)](https://m8ven.ai/mcp/lucas-denzer-n8n-mcp-1no716)
commit: 01a91aa7293353eef354b322645fbe8e586283b8
code hash: ea4fff6539cad42445af8be1f5f48ac1392d164087b5f476deb5ed340b1cedaf
verified: 6/22/2026, 1:21:07 PM
view raw JSON →