74
/ 100
25 days ago
glama

n8n-ops-mcp

Provides ops-focused n8n tools for MCP-compatible agents, enabling listing, inspecting, triggering, validating, managing tags, running security audits, and safely editing n8n workflows with auto-backup and confirm gates.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: N8N_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies3 high1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

highopenclaw@2026.4.22GHSA-cwj3-vqpp-pmxr

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

highopenclaw@2026.4.22GHSA-r39h-4c2p-3jxp

OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

highopenclaw@2026.4.22GHSA-rjxq-qqhf-8hwh

OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin

lowopenclaw@2026.4.22GHSA-q8ff-7ffm-m3r9

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretN8N_API_KEYyes - n8n Public API key (X-N8N-API-KEY)
configN8N_API_KEY_ENV
configN8N_BACKUP_DIRno ~/.n8n-backups Where n8n_save_workflow writes pre-save snapshots
configN8N_BASE_URLyes - n8n base URL, e.g. http://localhost:5678
configN8N_ENABLE_CREDENTIALS_WRITEno false Second gate (on top of N8N_ENABLE_EDIT) for n8n_create_credential and n8n_delete_credential. See [Security model](#security-model).
configN8N_ENABLE_EDITWrite tools are hidden unless =true.
configSMOKE_WRITE
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/solomonneas-n8n-ops-mcp-1oms3u)](https://m8ven.ai/mcp/solomonneas-n8n-ops-mcp-1oms3u)
commit: 572a98e8be1bb33c307a301b4f5b5f42c489b1d5
code hash: 436a415c7d896f302dce171b173cee0dfb96508c87392ec5d1a98fba184278bf
verified: 6/18/2026, 11:22:49 AM
view raw JSON →