At SplxAI, our primary goal remains safeguarding LLM-enabled systems through novel security practices and improved transparency of AI agents. Building on the recent integration of the CrewAI framework into our open-source security scanner, Agentic Radar, we are excited to advance it even further by adding support for the n8n workflow automation framework. This addition enhances Agentic Radar's ability to efficiently visualize dependencies in agentic workflows, while also providing a comprehensive overview of potential vulnerabilities based on established AI security frameworks from OWASP.
Exploring an n8n Workflow: A Configuration Example
N8n is widely adopted for its intuitive, no-code approach, allowing technical teams to rapidly deploy advanced automation workflows while keeping development efforts at a minimum. However, the ease and speed of building workflows can sometimes obscure potential security risks. Let's illustrate this by examining a standard workflow provided by n8n as a starting tutorial – a workflow that leverages an AI agent to manage interactions with a user's Google Calendar.
Here’s a simplified JSON export of the example workflow (the full JSON file can be viewed here):
{
  "name": "Demo: My first AI Agent in n8n",
  "nodes": [
    {
      "parameters": {
        "operation": "getAll",
        "calendar": {
          "__rl": true,
          "mode": "list"
        },
        "returnAll": true,
        "options": {
          "timeMin": "={{ $fromAI('after', 'The earliest datetime we want to look for events for') }}",
          "timeMax": "={{ $fromAI('before', 'The latest datetime we want to look for events for') }}",
          "singleEvents": true,
          "query": "={{ $fromAI('query', 'The search query to look for in the calendar. Leave empty if no search query is needed') }}"
        }
      },
      "id": "0d7e4666-bc0e-489a-9e8f-a5ef191f4954",
      "name": "Google Calendar",
      "type": "n8n-nodes-base.googleCalendarTool",
      "typeVersion": 1.2,
      "position": [880, 220]
    },
    {
      "parameters": {
        "options": {}
      },
      "id": "5b410409-5b0b-47bd-b413-5b9b1000a063",
      "name": "When chat message received",
      "type": "@n8n/n8n-nodes-langchain.chatTrigger",
      "typeVersion": 1.1,
      "position": [360, 20],
      "webhookId": "a889d2ae-2159-402f-b326-5f61e90f602e"
    },
    {
      "parameters": {
        "options": {
          "systemMessage": "=You're a helpful assistant that helps the user answer questions about their calendar.\n\nToday is {{ $now.format('cccc') }} the {{ $now.format('yyyy-MM-dd HH:mm') }}."
        }
      },
      "id": "29963449-1dc1-487d-96f2-7ff0a5c3cd97",
      "name": "AI Agent",
      "type": "@n8n/n8n-nodes-langchain.agent",
      "typeVersion": 1.7,
      "position": [560, 20]
    },
    {
      "parameters": {
        "options": {}
      },
      "id": "cbaedf86-9153-4778-b893-a7e50d3e04ba",
      "name": "OpenAI Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "typeVersion": 1,
      "position": [520, 220]
    },
    {
      "parameters": {},
      "id": "75481370-bade-4d90-a878-3a3b0201edcc",
      "name": "Memory",
      "type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
      "typeVersion": 1.3,
      "position": [680, 220]
    }
  ],
  "pinData": {},
  "connections": {
    "Google Calendar": {
      "ai_tool": [
        [
          {
            "node": "AI Agent",
            "type": "ai_tool",
            "index": 0
          }
        ]
      ]
    },
    "When chat message received": {
      "main": [
        [
          {
            "node": "AI Agent",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "OpenAI Model": {
      "ai_languageModel": [
        [
          {
            "node": "AI Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Memory": {
      "ai_memory": [
        [
          {
            "node": "AI Agent",
            "type": "ai_memory",
            "index": 0
          }
        ]
      ]
    }
  },
  "active": false,
  "settings": {
    "executionOrder": "v1"
  },
  "versionId": "",
  "meta": {
    "templateId": "PT1i+zU92Ii5O2XCObkhfHJR5h9rNJTpiCIkYJk9jHU=",
    "instanceId": "c6e7cbc25285e89c15aa651a56e0b1d532745b417e03fd64dc2d8661d6ff329b"
  },
  "tags": []
}
n8n workflows are defined using the graphical user interface, so we focus on analyzing the JSON export of the workflow to understand its structure and content.
Finding Nodes in the Workflow
In n8n, each workflow comprises discrete elements called nodes. These nodes, defined clearly in the JSON configuration, serve as individual processing steps. By examining each node’s attributes – primarily its name, unique id, and specific type – we establish a clear categorization that aligns closely with known security vulnerabilities and risk profiles.
In our tutorial example, we identified five distinct nodes, which fall into three categories:
Basic Nodes: foundational elements that initiate or terminate workflows.
Agent Nodes: providing intelligent decision-making through agentic logic.
Tool Nodes: external integrations or utilities that agents rely upon.

Specifically, our workflow has one basic node, one agent node, and three tool nodes:
OpenAI Model Tool (LLM category)
Memory Tool (Document Loader category)
Google Calendar Tool (Default integration category)
Each node category carries unique security implications – for instance, integrations with external APIs (like Google Calendar) and LLM-based tools (OpenAI models) inherently introduce data exfiltration and manipulation risks, which means that thorough evaluations are necessary.
Connecting the Nodes: Unveiling Workflow Dynamics
In the next step, we map the connections defined in the JSON configuration to reveal workflow logic and data flow. Each node’s connections are systematically represented, clarifying execution order, dependencies, and potential attack vectors within the automation logic.
By analyzing the connections section of the JSON, we construct a directed graph illustrating the interplay between nodes. This visualization provides immediate insight into critical data paths and facilitates rapid identification of security hotspots, especially valuable in more complex and larger workflows.
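The node categorization and the connection graph described in the two sections above can be reproduced in a few lines of Python. This is an added example, not Agentic Radar's own code: the function names are hypothetical, the categorization rule (agent by type suffix, tool by ai_* connection) is an assumed heuristic, and the embedded workflow is a trimmed copy of the export shown earlier. It also lists the tool parameters that the model fills in through $fromAI, since those are the inputs an author does not control.

```python
import json
import re

# Constructed sample: the export shown earlier, trimmed to the fields read here.
WORKFLOW = json.loads(r"""
{"nodes": [
  {"name": "Google Calendar", "type": "n8n-nodes-base.googleCalendarTool",
   "parameters": {"operation": "getAll", "options": {
     "timeMin": "={{ $fromAI('after', 'earliest datetime') }}",
     "query": "={{ $fromAI('query', 'search query') }}"}}},
  {"name": "When chat message received", "type": "@n8n/n8n-nodes-langchain.chatTrigger", "parameters": {}},
  {"name": "AI Agent", "type": "@n8n/n8n-nodes-langchain.agent", "parameters": {}},
  {"name": "OpenAI Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "parameters": {}},
  {"name": "Memory", "type": "@n8n/n8n-nodes-langchain.memoryBufferWindow", "parameters": {}}],
 "connections": {
  "Google Calendar": {"ai_tool": [[{"node": "AI Agent", "type": "ai_tool", "index": 0}]]},
  "When chat message received": {"main": [[{"node": "AI Agent", "type": "main", "index": 0}]]},
  "OpenAI Model": {"ai_languageModel": [[{"node": "AI Agent", "type": "ai_languageModel", "index": 0}]]},
  "Memory": {"ai_memory": [[{"node": "AI Agent", "type": "ai_memory", "index": 0}]]}}}
""")

FROM_AI = re.compile(r"\$fromAI\(\s*'([^']+)'")  # captures the argument key


def edges(workflow):
    """Flatten the nested connections object into (source, kind, target) edges."""
    out = []
    for source, by_kind in workflow.get("connections", {}).items():
        for kind, outputs in by_kind.items():
            for branch in outputs:
                out += [(source, kind, link["node"]) for link in branch or []]
    return out


def categorize(workflow):
    """Assumed heuristic: '.agent' types are agents, nodes attached through an
    ai_* connection are tools, everything else is a basic node."""
    attached = {src for src, kind, _ in edges(workflow) if kind.startswith("ai_")}
    return {n["name"]: "agent" if n["type"].endswith(".agent")
            else "tool" if n["name"] in attached else "basic"
            for n in workflow["nodes"]}


def model_filled(value, path="parameters"):
    """List (path, keys) for every expression that calls $fromAI, i.e. values
    the LLM chooses at run time rather than the workflow author."""
    if isinstance(value, dict):
        return [h for k, v in value.items() for h in model_filled(v, f"{path}.{k}")]
    if isinstance(value, list):
        return [h for i, v in enumerate(value) for h in model_filled(v, f"{path}[{i}]")]
    keys = FROM_AI.findall(value) if isinstance(value, str) else []
    return [(path, keys)] if keys else []


def review(workflow):
    """Per tool node: the agent it serves and the inputs the model controls."""
    cats = categorize(workflow)
    params = {n["name"]: n.get("parameters", {}) for n in workflow["nodes"]}
    return {src: {"agent": dst, "via": kind, "model_filled": model_filled(params[src])}
            for src, kind, dst in edges(workflow) if cats.get(src) == "tool"}


if __name__ == "__main__":
    print(json.dumps(review(WORKFLOW), indent=2))
```

On the sample this yields one basic node, one agent node and three tool nodes, matching the breakdown given above, and it shows that the Google Calendar tool's time range and search query are both chosen by the model.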


Automating Security Scans with Agentic Radar
Manual security assessments of n8n workflows quickly become impractical as complexity increases, especially when multiple agents and numerous integrated tools come into play. Agentic Radar automates this analysis, significantly reducing assessment time while enhancing accuracy.
Here's how easy it is to scan the same n8n workflow using Agentic Radar:
Follow the setup instructions provided in the Agentic Radar GitHub repository.
Clone or download the n8n example workflow.
Execute the following command from your terminal:
agentic-radar -i path/to/n8n/example -o report.html n8n
The tool automatically generates a comprehensive security report (report.html), visually outlining:
The entire node-connection structure.
Detailed identification of agent usage and integrated tools.
Potential vulnerabilities correlated directly to OWASP's LLM and Agentic AI security frameworks.
Actionable remediation steps to proactively address detected threats.
Open the resulting report in your browser to see a clear breakdown, including the visual workflow graph and identified vulnerabilities:

Below the graph you can find the report of potential tool vulnerabilities:

Looking Ahead: Expanding and Enhancing Agentic Radar
By integrating n8n workflows, we've strengthened our commitment to comprehensive agentic security analysis and transparency. We still have to acknowledge how quickly the landscape of agentic systems is evolving – complexity is increasing, and emerging threats require ongoing improvements of detection capabilities.
Our roadmap includes expanding static analysis coverage, refining detection accuracy, and continuously extending support to new and emerging agentic frameworks. With each enhancement, Agentic Radar becomes an increasingly essential tool for any organization relying on AI-driven automation.
Stay tuned as we continue our mission of securing tomorrow’s intelligent workflows.