Describe the problem/error/question
Unable to send Discord embed via HTTP Request and appears to be due to the Description field. The same Description can usually be sent via the Discord node, but I can’t figure out how to escape/format it in the HTTP Request to work.
The node works when using a plaintext value of “text”, but won’t work with the formatted LLM output I want to send.
I want to use the HTTP Request because the Discord Node doesn’t support all the embed fields I want to set.
What is the error message (if any)?
JSON parameter needs to be valid JSON [item 0]
Full Error text:
{
"errorMessage": "JSON parameter needs to be valid JSON [item 0]",
"errorDetails": {},
"n8nDetails": {
"nodeName": "HTTP Request",
"nodeType": "n8n-nodes-base.httpRequest",
"nodeVersion": 4.2,
"itemIndex": 0,
"time": "21/04/2025, 8:45:55 pm",
"n8nVersion": "1.86.1 (Self Hosted)",
"binaryDataMode": "default",
"stackTrace": [
"NodeOperationError: JSON parameter needs to be valid JSON",
" at ExecuteContext.execute (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/HttpRequest/V3/HttpRequestV3.node.js:256:23)",
" at WorkflowExecute.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/execution-engine/workflow-execute.js:681:50)",
" at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/execution-engine/workflow-execute.js:913:62",
" at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/execution-engine/workflow-execute.js:1246:20"
]
}
}
Please share your workflow
The preceding node is an LLM Chain that outputs a $json.text value, and additional fields are pulled from previous nodes. There’s no issue with those values so I haven’t included the previous nodes. It only errors when attempting to insert the $json.text in the embed Description field.
Here’s a sample of the LLM output that I wanted to insert to the Description. It’s long, but still within the 4096 character limit:
The Model Context Protocol (MCP) aims to standardize connections between LLMs and external data/tools, but its rapid adoption introduces significant security risks that need to be addressed.
### TL;DR
* MCP is gaining traction as a standard for connecting LLMs to external resources.
* MCP introduces security risks related to supply chain, local/remote servers, and client implementations.
* Local servers pose supply chain risks due to unvetted code execution.
* Remote servers introduce vendor risk and potential for data leakage.
* Client vulnerabilities include auto-run tools, tool name conflicts, and prompt injection.
* Recommendations include using trusted sources, auditing servers, applying least privilege, and considering sandboxing or gateways.
* The MCP ecosystem is evolving with improvements in registries, isolation, and permissions.
### Key Security Concerns
The article highlights several key security concerns associated with MCP:
* **Supply Chain Risks:** MCP servers are often built by independent developers without established security standards, creating a plugin-like ecosystem with unvetted code. Installation methods resemble the "pipe curl to bash" anti-pattern, lacking pinning, signing, or package locking.
* **Local vs. Remote Servers:** Local servers introduce the risk of running arbitrary code on a machine, while remote servers can lead to remote code execution, credential theft, or unauthorized access.
* **Client Vulnerabilities:** Clients can be vulnerable due to auto-running tools, tool name conflicts, slash command hijacking, and indirect prompt injection. Default guardrails are often inconsistent and uncomprehensive.
### Recommendations for Secure MCP Adoption
The article provides actionable guidance for early adopters:
* **Only use trusted sources:** Prefer well-known projects or vendors with clear ownership, visibility, and a security track record.
* **Audit before usage:** Treat MCP servers like packages with elevated privileges. Check for signs of malicious behavior, misconfigurations, or abandoned projects before relying on a server.
* **Apply least privilege to credentials:** Limit token scope, avoid broad permissions, and treat authentication requests with skepticism.
* **Pick a mature MCP client:** Selection criteria should include auditability, approval flows, permissions management, and overall security posture.
* **Favor local servers:** Prefer local servers where possible, limiting remote servers to well-vetted tools from security-minded vendors.
* **Consider an internal registry:** Maintain your own curated set of trusted MCP servers to reduce exposure to unknown code and limit potential for rug pulls.
* **Consider sandboxing MCP servers:** Use containerization, network egress controls, and/or syscall filtering to restrict impact.
* **Consider an MCP gateway:** Centralizing MCP Server usage through a proxy will allow a single point of control for audit logging and monitoring, as well as guardrails and governance controls.
### Future Directions
The article notes promising developments in the MCP ecosystem:
* **Official Registry:** An official registry is on the roadmap, ideally with stronger primitives around signing, pinning, and locking.
* **Tool Namespacing:** Tool namespacing can mitigate risks like typosquatting and impersonation.
* **Improved Isolation and Control:** Efforts are underway to improve isolation and control through sandboxing, network boundaries, and fine-grained resource constraints.
* **Granular Permissions Management:** The latest release of the protocol brought tool annotations for “readOnly” or “destructive,” with potential for enforcement mechanisms.
### Metadata
Main keywords or tags: Model Context Protocol, MCP, LLM, Security, AI, Supply Chain Security, Application Security, Remote Code Execution, Prompt Injection, Tooling, Authentication, Authorization, Risk Management
Share the output returned by the last node
This is the expression I’m using in the HTML Node:
The output is per the error message above
Information on your n8n setup
- n8n version: 1.86.1
- Database (default: SQLite): default
- n8n EXECUTIONS_PROCESS setting (default: own, main): default
- Running n8n via (Docker, npm, n8n cloud, desktop app): docker
- Operating system: Windows 11