Hey everyone,
I’ve been spending time thinking about n8n workflow security — specifically the patterns that make workflows
vulnerable when exposed to external input. Things like:
- A Webhook trigger piping directly into a Code or Execute Command node with no validation in between
- API keys hardcoded in HTTP Request node headers instead of the credential store
- Full HTTP responses forwarded straight to Slack/email without filtering sensitive fields
I couldn’t find a tool that scans for these patterns in n8n specifically, so I built one.
FlowGuard is a free, open-source CLI that performs static analysis on n8n workflows.
What it checks (6 rules, mapped to OWASP Agentic Top 10):
- Unrestricted Code Execution (Critical) — Trigger nodes flowing directly to code/shell execution without validation
- Insecure Credential Usage (Critical) — Hardcoded API keys, tokens, and secrets in node parameters
- Excessive Agency (High) — Nodes with system-level access like executeCommand and SSH
- Missing Input Validation (High) — External input reaching code, DB, or HTTP nodes unvalidated
- Unsafe Output Handling (Medium) — HTTP responses flowing into code/DB nodes unvalidated
- Excessive Data Exposure (Medium) — Full responses forwarded to notification channels without filtering
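To make the first two rules concrete, here is an added example of how such checks can be expressed over an exported n8n workflow JSON. This is illustrative code written for this post, not FlowGuard's own implementation: the n8n-nodes-base.* type names are the real ones n8n writes into exports, but the set of node types treated as "validation", the secret-matching regex, and the sample workflow are all constructed assumptions.

```python
"""Two static checks over an exported n8n workflow (illustrative, not FlowGuard's code)."""
import json
import re
from typing import Iterator, List, Tuple

# Real node type identifiers as written in n8n exports.
TRIGGER_TYPES = {"n8n-nodes-base.webhook", "n8n-nodes-base.formTrigger"}
CODE_EXEC_TYPES = {"n8n-nodes-base.code", "n8n-nodes-base.executeCommand", "n8n-nodes-base.ssh"}
# Assumption of this example: these node types count as a validation step on the path.
VALIDATION_TYPES = {"n8n-nodes-base.if", "n8n-nodes-base.filter", "n8n-nodes-base.switch"}

# Heuristic for literal secrets in parameter strings (an assumption, tune for your own keys).
SECRET_RE = re.compile(r"(?i)\b(bearer\s+\S{16,}|sk-[a-z0-9_-]{16,}|api[_-]?key\s*[:=]\s*\S{8,})")


def successors(workflow: dict, name: str) -> List[str]:
    """Names of nodes directly downstream of `name`, across all output groups and branches."""
    result = []
    for output_group in workflow.get("connections", {}).get(name, {}).values():
        for branch in output_group:
            for edge in branch:
                result.append(edge["node"])
    return result


def unrestricted_code_execution(workflow: dict) -> List[Tuple[str, str]]:
    """Rule: a trigger reaches a code/shell node with no validation node anywhere on the path."""
    nodes = {n["name"]: n for n in workflow["nodes"]}
    findings = []
    for trig_name, trig in nodes.items():
        if trig["type"] not in TRIGGER_TYPES:
            continue
        stack, seen = successors(workflow, trig_name), set()
        while stack:  # depth-first walk from the trigger
            cur = stack.pop()
            if cur in seen or cur not in nodes:
                continue
            seen.add(cur)
            node_type = nodes[cur]["type"]
            if node_type in VALIDATION_TYPES:
                continue  # guarded branch: stop exploring past the validation node
            if node_type in CODE_EXEC_TYPES:
                findings.append((trig_name, cur))
            else:
                stack.extend(successors(workflow, cur))
    return sorted(findings)


def _strings(value, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (dotted.path, string) for every string leaf in a parameters tree."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from _strings(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for idx, child in enumerate(value):
            yield from _strings(child, f"{path}[{idx}]")
    elif isinstance(value, str):
        yield path, value


def insecure_credential_usage(workflow: dict) -> List[Tuple[str, str]]:
    """Rule: secret-looking literals in node parameters; n8n {{ }} expressions are not literals."""
    findings = []
    for node in workflow["nodes"]:
        for path, text in _strings(node.get("parameters", {})):
            match = SECRET_RE.search(text)
            if match and "{{" not in match.group(0):
                findings.append((node["name"], path))
    return sorted(findings)


def scan(workflow: dict) -> List[str]:
    """Run both rules and return FlowGuard-style finding lines."""
    lines = [f'[CRITICAL] Unrestricted Code Execution: trigger "{t}" flows to "{c}" without validation'
             for t, c in unrestricted_code_execution(workflow)]
    lines += [f'[CRITICAL] Insecure Credential Usage: node "{n}" has a hardcoded credential in "{p}"'
              for n, p in insecure_credential_usage(workflow)]
    return lines


# Constructed sample export: one unguarded path, one path behind an IF node,
# one literal token (placeholder value) and one expression-based header.
SAMPLE_WORKFLOW = json.loads("""
{
  "name": "constructed example",
  "nodes": [
    {"name": "Webhook", "type": "n8n-nodes-base.webhook", "parameters": {"path": "intake"}},
    {"name": "Run Script", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "return $input.all();"}},
    {"name": "Check Input", "type": "n8n-nodes-base.if", "parameters": {}},
    {"name": "Safe Script", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "return $input.all();"}},
    {"name": "Fetch API", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://api.example.com/v1/items",
                    "headers": {"Authorization": "Bearer sk-CONSTRUCTED_PLACEHOLDER_TOKEN_000"}}},
    {"name": "Safe Fetch", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://api.example.com/v1/items",
                    "headers": {"Authorization": "=Bearer {{ $credentials.token }}"}}}
  ],
  "connections": {
    "Webhook":     {"main": [[{"node": "Run Script", "type": "main", "index": 0},
                              {"node": "Check Input", "type": "main", "index": 0}]]},
    "Check Input": {"main": [[{"node": "Safe Script", "type": "main", "index": 0}], []]}
  }
}
""")

if __name__ == "__main__":
    for line in scan(SAMPLE_WORKFLOW):
        print(line)
```

Running it flags "Run Script" (reached straight from the webhook) but not "Safe Script" (behind the IF node), and flags the literal bearer token in "Fetch API" while leaving the expression-based header alone. The graph walk is what makes the first rule more than a one-hop check: an intermediate Set or Merge node does not count as validation, so the path is still reported.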
Two ways to use it:
Scan exported JSON files:
npx n8n-flowguard scan workflow.json
Or point it directly at a running instance:
npx n8n-flowguard scan --url https://your-n8n.example.com --api-key YOUR_API_KEY
Here’s what the output looks like against a test workflow:
[CRITICAL] Unrestricted Code Execution (Run Script)
Trigger "Webhook" flows to code execution node "Run Script" without validation
[CRITICAL] Insecure Credential Usage (Fetch API)
Node "Fetch API" has a hardcoded credential in parameter "headers.Authorization"
[HIGH] Missing Input Validation (Query DB)
Trigger "Webhook" feeds into "Query DB" (n8n-nodes-base.postgres) without input validation
Found 4 critical, 4 high, 1 medium issues across 1 workflow(s).
It also outputs SARIF (for GitHub Code Scanning) and JSON, and has a --fail-on flag for CI/CD gating.
What I’d love to know from you all:
- Which of these rules would actually be useful for your production workflows?
- What patterns do you worry about that aren’t covered here?
- Would you actually run this against your instance?
GitHub: MohibShaikh/FlowGuard
npm: npm install -g n8n-flowguard
License: AGPL-3.0 (free forever)
Happy to answer any questions. This is early; I’m building based on what real n8n users actually need, so your feedback directly shapes what I work on next.