n8n-MCP

36 tools. 6 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

6 can modify or destroy data
30 read-only
36 tools total

Community server · catalogue entry verified 03/07/2026

How to control n8n-MCP ↓

What n8n-MCP exposes to your agents

Read (30) Write / Execute (4) Destructive / Financial (2)
Critical Risk

The most dangerous n8n-MCP tools

6 of n8n-MCP's 36 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control n8n-MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and n8n-MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "n8n_delete_execution": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "n8n_create_workflow": {
    "limits": [
      {
        "counter": "n8n_create_workflow_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_database_statistics": {
    "limits": [
      {
        "counter": "get_database_statistics_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register n8n-MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON N8N-MCP →

Instant setup, no code required.

All 36 n8n-MCP tools

READ 30 tools
Read get_database_statistics Node stats: 525 total, 263 AI tools, 104 triggers, 87% docs coverage. Verifies MCP working. Read get_node_as_tool_info How to use ANY node as AI tool. Shows requirements, use cases, examples. Works for all nodes, not just AI-mark Read get_node_documentation Get readable docs with examples/auth/patterns. Better than raw schema! 87% coverage. Format: Read get_node_essentials Get node essential info. Pass nodeType as string with prefix. Example: nodeType= Read get_node_for_task Get pre-configured node for tasks: post_json_request, receive_webhook, query_database, send_slack_message, etc Read get_node_info Get full node documentation. Pass nodeType as string with prefix. Example: nodeType= Read get_property_dependencies Shows property dependencies and visibility rules. Example: sendBody=true reveals body fields. Test visibility Read get_template Get complete workflow JSON by ID. Ready to import. IDs from list_node_templates or search_templates. Read get_templates_for_task Curated templates by task: ai_automation, data_sync, webhooks, email, slack, data_transform, files, scheduling Read list_ai_tools List 263 AI-optimized nodes. Note: ANY node can be AI tool! Connect any node to AI Agent Read list_node_templates Find templates using specific nodes. 399 community workflows. Use FULL types: Read list_tasks List task templates by category: HTTP/API, Webhooks, Database, AI, Data Processing, Communication. Read n8n_diagnostic Diagnose n8n API config. Shows tool status, API connectivity, env vars. Helps troubleshoot missing tools. Read n8n_get_execution Get details of a specific execution by ID. Read n8n_get_workflow Get a workflow by ID. Returns the complete workflow including nodes, connections, and settings. Read n8n_get_workflow_details Get workflow details with metadata, version, execution stats. More info than get_workflow. Read n8n_get_workflow_minimal Get minimal info: ID, name, active status, tags. Fast for listings. Read n8n_get_workflow_structure Get workflow structure: nodes and connections only. No parameter details. Read n8n_health_check Check n8n instance health and API connectivity. Returns status and available features. Read n8n_list_available_tools List available n8n tools and capabilities. Read n8n_list_executions List workflow executions (returns up to limit). Check hasMore/nextCursor for pagination. Read n8n_list_workflows List workflows (minimal metadata only). Returns id/name/active/dates/tags. Check hasMore/nextCursor for pagina Read n8n_validate_workflow Validate workflow by ID. Checks nodes, connections, expressions. Returns errors/warnings/suggestions. Read search_node_properties Find specific properties in a node (auth, headers, body, etc). Returns paths and descriptions. Read search_nodes Search n8n nodes by keyword. Pass query as string. Example: query= Read search_templates Search templates by name/description keywords. NOT for node types! For nodes use list_node_templates. Example: Read tools_documentation Get documentation for n8n MCP tools. Call without parameters for quick start guide. Use topic parameter to get Read validate_workflow Full workflow validation: structure, connections, expressions, AI tools. Returns errors/warnings/fixes. Essent Read validate_workflow_connections Check workflow connections only: valid nodes, no cycles, proper triggers, AI tool links. Fast structure valida Read validate_workflow_expressions Validate n8n expressions: syntax {{}}, variables ($json/$node), references. Returns errors with locations.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about n8n-MCP

Can an AI agent delete data through the n8n- MCP server? +

Yes. The n8n-MCP server exposes 2 destructive tools including n8n_delete_execution, n8n_delete_workflow. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through n8n-MCP? +

The n8n-MCP server has 3 write tools including n8n_create_workflow, n8n_update_full_workflow, n8n_update_partial_workflow. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach n8n-MCP.

How many tools does the n8n- MCP server expose? +

36 tools across 4 categories: Destructive, Execute, Read, Write. 30 are read-only. 6 can modify, create, or delete data.

How do I enforce a policy on n8n-MCP? +

Register the n8n- MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every n8n-MCP tool call.

Deterministic rules across all 36 n8n-MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

36 n8n-MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.