generate-audit
Perform a security audit for your n8n instance by analyzing credentials, database, nodes, filesystem, and instance configurations to identify potential vulnerabilities.
Instructions
Generate a security audit for your n8n instance.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| categories | No | ||
| clientId | Yes | ||
| daysAbandonedWorkflow | No |
Implementation Reference
- src/index.ts:1922-1956 (handler)MCP tool handler for 'generate-audit': retrieves the N8nClient instance and calls its generateAudit method with the provided options, returning the audit result as JSON or an error.
case "generate-audit": { const { clientId, daysAbandonedWorkflow, categories } = args as { clientId: string; daysAbandonedWorkflow?: number; categories?: Array<'credentials' | 'database' | 'nodes' | 'filesystem' | 'instance'>; }; const client = clients.get(clientId); if (!client) { return { content: [{ type: "text", text: "Client not initialized. Please run init-n8n first.", }], isError: true }; } try { const audit = await client.generateAudit({ daysAbandonedWorkflow, categories }); return { content: [{ type: "text", text: JSON.stringify(audit, null, 2), }] }; } catch (error) { return { content: [{ type: "text", text: error instanceof Error ? error.message : "Unknown error occurred", }], isError: true }; } } - src/index.ts:831-848 (registration)Tool registration in the listTools response, defining name, description, and input schema for 'generate-audit'.
name: "generate-audit", description: "Generate a security audit for your n8n instance.", inputSchema: { type: "object", properties: { clientId: { type: "string" }, daysAbandonedWorkflow: { type: "number" }, categories: { type: "array", items: { type: "string", enum: ["credentials", "database", "nodes", "filesystem", "instance"] } } }, required: ["clientId"] } } - src/index.ts:342-355 (helper)N8nClient method that implements the core logic: POST request to n8n's /audit endpoint with options to generate the security audit report.
async generateAudit(options: { daysAbandonedWorkflow?: number; categories?: Array<'credentials' | 'database' | 'nodes' | 'filesystem' | 'instance'>; } = {}): Promise<N8nAuditResult> { return this.makeRequest<N8nAuditResult>('/audit', { method: 'POST', body: JSON.stringify({ additionalOptions: { daysAbandonedWorkflow: options.daysAbandonedWorkflow, categories: options.categories, }, }), }); } - src/index.ts:91-97 (schema)TypeScript interface defining the expected structure of the audit result object returned by the n8n /audit API.
interface N8nAuditResult { 'Credentials Risk Report'?: any; 'Database Risk Report'?: any; 'Filesystem Risk Report'?: any; 'Nodes Risk Report'?: any; 'Instance Risk Report'?: any; }