Critical-risk tools in n8n Management MCP Server
5 of the 27 tools in n8n Management MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
n8n_delete_credentialDestructiveRemove stored credential. Cannot delete credentials currently used in active workflows. Deactivate dependent workflows first. Use with caution as this may break workflows.
-
n8n_delete_executionDestructiveRemove execution record from history to save storage or clean up test runs. Permanently deletes execution data. Use after debugging or to maintain clean execution logs.
-
n8n_delete_tagDestructiveRemove tag from system. Automatically removes this tag from all workflows using it. Tag removal does not affect workflows themselves, only the tag association.
-
n8n_delete_userDestructiveRemove user from n8n instance. Only available to instance owner. Cannot delete the owner account. Deleted users lose access immediately. Workflows created by this user remain in...
-
n8n_delete_workflowDestructivePermanently delete a workflow and all associated execution history. This action cannot be undone. Workflow must be deactivated first. Use with caution.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.