Critical-risk tools in n8n MCP Server

Critical severity n8n MCP Server MCP Server 8 of 43 tools

8 of the 43 tools in n8n MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

n8n_delete_credential Destructive 4/5

Permanently delete a credential by ID.
n8n_delete_datatable_rows Destructive 4/5

Delete rows matching a filter. The filter is required (JSON string).
n8n_delete_execution Destructive 4/5

Permanently delete an execution record by ID.
n8n_delete_project Destructive 4/5

Delete a project by ID (Enterprise feature).
n8n_delete_tag Destructive 4/5

Delete a tag by ID. This does not affect workflows that used this tag.
n8n_delete_user Destructive 4/5

Delete a user by ID (requires owner role). Workflows owned by this user must be transferred first.
n8n_delete_variable Destructive 4/5

Delete an environment variable by ID.
n8n_delete_workflow Destructive 4/5

Permanently delete a workflow by ID.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in n8n MCP Server

Tools at critical risk

Attacks that target this class

More on n8n MCP Server

Enforce policy on n8n MCP Server