At SplxAI, our primary goal remains safeguarding LLM-enabled systems through novel security practices and improved transparency of AI agents. Building on the recent integration of the CrewAI framework into our open-source security scanner, Agentic Radar, we are excited to advance it even further by adding support for the n8n workflow automation framework. This addition enhances Agentic Radar's ability to efficiently visualize dependencies in agentic workflows, while also providing a comprehensive overview of potential vulnerabilities based on established AI security frameworks from OWASP.
Finding Nodes in the Workflow
In n8n, each workflow comprises discrete elements called nodes. These nodes, defined clearly in the JSON configuration, serve as individual processing steps. By examining each node’s attributes – primarily its name, unique id, and specific type – we establish a clear categorization that aligns closely with known security vulnerabilities and risk profiles.
In our tutorial example, we identified five distinct nodes, which fall into three categories:
Basic Nodes: foundational elements that initiate or terminate workflows.
Agent Nodes: providing intelligent decision-making through agentic logic.
Tool Nodes: external integrations or utilities that agents rely upon.

Specifically, our workflow has one basic node, one agent node, and three tool nodes:
OpenAI Model Tool (LLM category)
Memory Tool (Document Loader category)
Google Calendar Tool (Default integration category)
Each node category carries unique security implications – for instance, integrations with external APIs (like Google Calendar) and LLM-based tools (OpenAI models) inherently introduce data exfiltration and manipulation risks, which means that thorough evaluations are necessary.
Connecting the Nodes: Unveiling Workflow Dynamics
In the next step, we map the connections defined in the JSON configuration to reveal workflow logic and data flow. Each node’s connections are systematically represented, clarifying execution order, dependencies, and potential attack vectors within the automation logic.
By analyzing the connections section of the JSON, we construct a directed graph illustrating the interplay between nodes. This visualization provides immediate insight into critical data paths and facilitates rapid identification of security hotspots, especially valuable in more complex and larger workflows.
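The node categorization and connection mapping described in the two sections above can be sketched as follows. This is an added example, not Agentic Radar's own code: the workflow JSON is a constructed sample in the n8n export layout, and the rule "a node with an outgoing ai_* connection is a tool" is an assumed heuristic.

```python
import json

# Constructed sample in the n8n export layout ("nodes" + "connections"); not the tutorial's file.
WORKFLOW = json.loads("""
{
  "nodes": [
    {"id": "1", "name": "Chat Trigger", "type": "@n8n/n8n-nodes-langchain.chatTrigger"},
    {"id": "2", "name": "AI Agent", "type": "@n8n/n8n-nodes-langchain.agent"},
    {"id": "3", "name": "OpenAI Chat Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi"},
    {"id": "4", "name": "Window Buffer Memory", "type": "@n8n/n8n-nodes-langchain.memoryBufferWindow"},
    {"id": "5", "name": "Google Calendar", "type": "n8n-nodes-base.googleCalendarTool"}
  ],
  "connections": {
    "Chat Trigger": {"main": [[{"node": "AI Agent", "type": "main", "index": 0}]]},
    "OpenAI Chat Model": {"ai_languageModel": [[{"node": "AI Agent", "type": "ai_languageModel", "index": 0}]]},
    "Window Buffer Memory": {"ai_memory": [[{"node": "AI Agent", "type": "ai_memory", "index": 0}]]},
    "Google Calendar": {"ai_tool": [[{"node": "AI Agent", "type": "ai_tool", "index": 0}]]}
  }
}
""")

def edges(workflow):
    """Flatten 'connections' into (source, target, connection_type) tuples."""
    out = []
    for source, by_type in workflow.get("connections", {}).items():
        for conn_type, outputs in by_type.items():
            for output in outputs:
                for link in output or []:  # an unconnected output can be null
                    out.append((source, link["node"], conn_type))
    return out

def categorize(workflow):
    """Assumed heuristic: '.agent' types are agents, nodes with an outgoing ai_* edge are tools."""
    feeds_agent = {src for src, _, ctype in edges(workflow) if ctype.startswith("ai_")}
    def kind(node):
        if node["type"].endswith(".agent"):
            return "agent"
        return "tool" if node["name"] in feeds_agent else "basic"
    return {n["name"]: kind(n) for n in workflow.get("nodes", [])}

def dangling(workflow):
    """Edges that reference a node name missing from 'nodes' (a malformed or edited export)."""
    names = {n["name"] for n in workflow.get("nodes", [])}
    return [e for e in edges(workflow) if e[0] not in names or e[1] not in names]

if __name__ == "__main__":
    cats = categorize(WORKFLOW)
    for src, dst, ctype in edges(WORKFLOW):
        print(f"{src} ({cats[src]}) -[{ctype}]-> {dst} ({cats[dst]})")
```

Edges returned by dangling() deserve a manual look before trusting any graph drawn from the file, since they point at nodes the export does not define.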

Automating Security Scans with Agentic Radar
Manual security assessments of n8n workflows quickly become impractical as complexity increases, especially when multiple agents and numerous integrated tools come into play. Agentic Radar automates this analysis, significantly reducing assessment time while enhancing accuracy.
Here's how easy it is to scan the same n8n workflow using Agentic Radar:
Follow the setup instructions provided in the Agentic Radar GitHub repository.
Clone or download the n8n example workflow.
Execute the following command from your terminal:
The tool automatically generates a comprehensive security report (report.html), visually outlining:
The entire node-connection structure.
Detailed identification of agent usage and integrated tools.
Potential vulnerabilities correlated directly to OWASP's LLM and Agentic AI security frameworks.
Actionable remediation steps to proactively address detected threats.
Open the resulting report in your browser to see a clear breakdown, including the visual workflow graph and identified vulnerabilities:

Below the graph you can find the report of potential tool vulnerabilities:

Looking Ahead: Expanding and Enhancing Agentic Radar
By integrating n8n workflows, we've strengthened our commitment to comprehensive agentic security analysis and transparency. We still have to acknowledge how quickly the landscape of agentic systems is evolving – complexity is increasing, and emerging threats require ongoing improvements of detection capabilities.
Our roadmap includes expanding static analysis coverage, refining detection accuracy, and continuously extending support to new and emerging agentic frameworks. With each enhancement, Agentic Radar becomes an increasingly essential tool for any organization relying on AI-driven automation.
Stay tuned as we continue our mission of securing tomorrow’s intelligent workflows.