Security Findings
All security issues discovered during the N8N workflow audit of OVH2 (15.204.10.51), ranked by severity.
Critical — Exposed API Keys
These API keys are hardcoded directly in workflow JSON files and should be rotated immediately.
1. OpenAI API Key
| Field | Value |
|---|---|
| Workflow | stateless hypno elp (d7bQkpbcLGaUuKB3) |
| Instance | n8n-dev1 |
| Status | ACTIVE |
| Key prefix | sk-proj-8ceAlh6KEm9Z... |
| Risk | Full OpenAI API access — chat, TTS, embeddings, image generation |
The key is embedded directly in the workflow JSON rather than stored in the N8N credential store. Since this workflow is active, the key is in active use.
2. Mistral API Key
| Field | Value |
|---|---|
| Workflow | Hypno-elp copy for development (dcNLFpLEH45VxtCb) |
| Instance | n8n-dev1 |
| Status | ACTIVE |
| Key prefix | wBAT5tJwxM3x... |
| Risk | Full Mistral API access — chat completions, Voxtral audio transcription |
Also found in Telegram chatbot workflows on the same instance.
3. Replicate API Key
| Field | Value |
|---|---|
| Workflow | AI Faceless Video (TQ0lQzqLmBxP3mD0) |
| Instance | n8n-dev1 |
| Status | INACTIVE (archived) |
| Key prefix | r8_GrHoHDvzgKGld... |
| Risk | Replicate model execution — image/video generation billing |
Hardcoded in 4+ HTTP Request nodes as Bearer token headers.
4. Creatomate API Key
| Field | Value |
|---|---|
| Workflow | AI Faceless Video (TQ0lQzqLmBxP3mD0) |
| Instance | n8n-dev1 |
| Status | INACTIVE (archived) |
| Key prefix | ae5892b865b248c2b2af... |
| Risk | Creatomate video rendering — potential billing abuse |
Hardcoded in 2+ HTTP Request nodes as Bearer token headers.
High — Hardcoded Service Credentials
5. Z-API WhatsApp Credentials
| Field | Value |
|---|---|
| Affected Workflows | WhatsApp MCP Server, ZAPI MCP Server, WhatsApp MCP Client, My workflow 6, Notify on Email Received |
| Instance | n8n-dev1 |
| Instance ID | 3D21D6F3141E90BBA87A72B70F2FFCF9 |
| Token | 743FD591DF67F526672CE483 |
| Client Token | Fd25647edd17d4a07b70903140af0fbf9S |
| Risk | Full WhatsApp messaging control — send/receive messages, validate numbers |
The Z-API credentials are embedded directly in HTTP request URLs rather than stored in the N8N credential store. Example URL pattern:
https://api.z-api.io/instances/3D21D6F.../token/743FD59.../send-text
Three of these workflows are ACTIVE, meaning the credentials are in production use.
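Findings 1 through 5 share one root cause: secrets sitting as literal strings inside exported workflow JSON (Bearer headers, URL path segments) instead of expressions that resolve against the credential store. The scanner below is an added example written for this report, not code from the audit or from any of the workflows it lists. It assumes the usual n8n export shape (`nodes[].parameters`, with HTTP Request headers under `headerParameters.parameters[]`) and uses constructed placeholder values rather than the real keys; it also keeps only a redacted prefix of each match so the report itself does not leak a secret.

```javascript
// Added example (not part of the audit): scan exported n8n workflow JSON
// for hardcoded secrets. Plain Node.js, no dependencies. The workflow shape
// (nodes[].parameters, headerParameters.parameters[]) is assumed from
// typical HTTP Request node exports; sample data is constructed with
// placeholder values, not real keys.

// Ordered from most to least specific; the first match wins per string.
const SECRET_PATTERNS = [
  { label: 'OpenAI project key', re: /\bsk-proj-[A-Za-z0-9_-]{10,}/ },
  { label: 'Replicate token', re: /\br8_[A-Za-z0-9]{10,}/ },
  { label: 'Z-API token in URL', re: /api\.z-api\.io\/instances\/[A-F0-9]+\/token\/[A-F0-9]+/i },
  { label: 'Bearer token literal', re: /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}=*/ },
];

// n8n expressions (strings starting with "=" and containing "{{ }}") resolve
// at run time, typically to the credential store, so they are not literal secrets.
function isExpression(value) {
  return value.trimStart().startsWith('=') && value.includes('{{');
}

// Depth-first walk over every string inside a node's parameters, yielding [path, value].
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield [path.join('.'), value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, [...path, k]);
  }
}

// One finding per parameter string that looks like a hardcoded secret.
// Only a redacted prefix of the match is kept so the report does not leak it.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const [path, str] of walkStrings(node.parameters || {})) {
      if (isExpression(str)) continue;
      for (const { label, re } of SECRET_PATTERNS) {
        const m = str.match(re);
        if (m) {
          findings.push({ workflow: workflow.name, node: node.name, path, label, prefix: m[0].slice(0, 12) + '...' });
          break;
        }
      }
    }
  }
  return findings;
}

// Constructed sample workflow: two nodes with literal secrets, one using the credential store.
const SAMPLE_WORKFLOW = {
  name: 'constructed sample',
  nodes: [
    {
      name: 'Replicate call',
      type: 'n8n-nodes-base.httpRequest',
      parameters: {
        url: 'https://api.replicate.com/v1/predictions',
        headerParameters: { parameters: [{ name: 'Authorization', value: 'Bearer r8_PLACEHOLDERPLACEHOLDER0000' }] },
      },
    },
    {
      name: 'Send WhatsApp',
      type: 'n8n-nodes-base.httpRequest',
      parameters: { url: 'https://api.z-api.io/instances/DEADBEEF00000000/token/CAFEF00D00000000/send-text' },
    },
    {
      name: 'OpenAI via credential store',
      type: 'n8n-nodes-base.httpRequest',
      parameters: {
        url: 'https://api.openai.com/v1/chat/completions',
        authentication: 'predefinedCredentialType',
        nodeCredentialType: 'openAiApi',
        headerParameters: { parameters: [{ name: 'X-Request-Id', value: '={{ $json.requestId }}' }] },
      },
    },
  ],
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanWorkflow(SAMPLE_WORKFLOW), null, 2));
}
```

Run it over every file from an `n8n export:workflow --all` dump (or the workflow table directly) and it reports the node and parameter path of each literal; the third sample node shows the pattern the recommendations ask for, where the HTTP Request node references a stored credential and no secret appears in the JSON at all.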
6. Hardcoded Phone Numbers
| Phone | Location | Likely Owner |
|---|---|---|
| 639946916633 | ZAPI MCP Server, Notify on Email, My workflow 6 | Raven (Philippines +63) |
| 13465390559 | My workflow 6 | Connected WhatsApp number |
| 5511999998888 | My workflow 6 | Test number (Brazil +55) |
These are embedded in workflow JSON and visible to anyone with access to the N8N instance or exported workflow files.
Medium — Configuration Issues
7. Webhook Path Conflicts
Path: /api/v1/voice-chat — used by 5 workflows:
| Workflow | ID | Status |
|---|---|---|
| stateless hypno elp | d7bQkpbcLGaUuKB3 | ACTIVE |
| Hypno-elp copy for development | dcNLFpLEH45VxtCb | ACTIVE |
| dev stateless hypno elp for HTMLTesting | yiMvblqvLwZKn04b | Inactive |
| hypno help live | rxGRAHJjRzcuFMu1 | Inactive |
| My workflow 7 | 4u4tqOjSQ4U8pHFL | Inactive |
Only one workflow can handle requests at a given webhook path. Having two active workflows on the same path means one is silently shadowing the other.
Path: /webhook/91ce8cb8-... — used by 2 ACTIVE workflows:
| Workflow | ID | Status |
|---|---|---|
| WhatsApp MCP Server | H3oheqegPTTanSH9 | ACTIVE |
| ZAPI MCP Server | YJz9b9fjSWJpnE1W | ACTIVE |
8. SQL Injection Risk
| Field | Value |
|---|---|
| Workflow | CMS (gSqaB6rDWz4lVk5M) |
| Instance | n8n |
| Node | Multiple Postgres query nodes |
| Risk | Queries built with string interpolation from webhook input |
The CMS workflow builds SQL queries using template literals with user-provided values, e.g.:
SELECT * FROM table WHERE id = '${input.value}'
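The interpolated query above beside its parameterized replacement, as an added example for this report (not code from the CMS workflow). With node-postgres the `{ text, values }` pair is what `client.query(text, values)` takes; in n8n's Postgres node the same `$1` placeholder is bound through the node's query-parameters option (stated from memory, so check it against the installed n8n version). The `O'Brien` input is constructed: a single apostrophe is enough to show that the interpolated SQL changes structure while the parameterized SQL text stays constant.

```javascript
// Added example (not from the CMS workflow): interpolated SQL beside the
// parameterized form, plus an allow-list check for numeric ids. Pure Node.js,
// no database connection needed to run.

// Vulnerable: user input becomes part of the SQL text itself.
function buildUnsafeQuery(value) {
  return `SELECT * FROM table WHERE id = '${value}'`;
}

// Safe: the SQL text is a constant; the value travels separately as a bind
// parameter and is never parsed as SQL. Shape matches pg's client.query(text, values).
function buildSafeQuery(value) {
  return { text: 'SELECT * FROM table WHERE id = $1', values: [value] };
}

// Defence in depth: when ids are numeric, reject anything else before it
// reaches the query at all (returns null for non-numeric input).
function asSafeId(value) {
  return /^\d{1,18}$/.test(String(value)) ? Number(value) : null;
}

// Cheap structural check used here to illustrate the defect: an odd number of
// single quotes means the input broke out of the string literal the author intended.
function quotesBalanced(sql) {
  return (sql.match(/'/g) || []).length % 2 === 0;
}

// Constructed input with an apostrophe; benign, but enough to alter the SQL.
const SAMPLE_INPUT = "O'Brien";

// Side-by-side view of what each builder produces for the same input.
function compare(value) {
  const unsafe = buildUnsafeQuery(value);
  const safe = buildSafeQuery(value);
  return {
    unsafeSql: unsafe,
    unsafeQuotesBalanced: quotesBalanced(unsafe),
    safeSql: safe.text,
    safeQuotesBalanced: quotesBalanced(safe.text),
    boundValue: safe.values[0],
    numericIdAccepted: asSafeId(value) !== null,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(compare(SAMPLE_INPUT));
  console.log(compare('42'));
}
```

For the CMS workflow the fix is the second form in every Postgres node: keep the statement text fixed with `$1`, `$2` placeholders and pass the webhook fields as bound parameters, with `asSafeId`-style validation in a preceding Code or IF node where the column is known to be numeric.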
Low Severity
9. Supabase Project URLs Exposed
The Supabase project URL kagtryxgjwavupzlmlzv.supabase.co is hardcoded in:
- stateless hypno elp (active) — /functions/v1/update_ai_usage
- Gmail AI Auto-Responder (active) — /functions/v1/app_logs
10. Aggressive RSS Polling
The Youtube Transcription Analyzer (bB8J4YpysaGg9xaT) has an RSS trigger set to poll every minute. The workflow is currently inactive, but if activated it would generate excessive requests.
11. Active + Archived Inconsistency
Four workflows are marked both active: true and archived: true, which is an inconsistent state:
- Life on Roatan (xS7dskXPJcOvT0zz)
- maxtracks AI (7i6iPUkkRl7dLSUo)
- Google Maps Email Scraper (SeYAtAj3TnQZDb70)
- My Sub-Workflow 1 (r90VSqrWWb9giFEi)
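Findings 7 (webhook path conflicts) and 11 (active + archived) are both properties of workflow metadata that can be checked mechanically across an export. The linter below is an added example for this report, not code from the audit or the N8N instances. It assumes the shape `{ id, name, active, archived, nodes[] }` per workflow with Webhook nodes of type `n8n-nodes-base.webhook` carrying `parameters.path`; the sample workflows are constructed and only stand in for the real ones.

```javascript
// Added example (not part of the audit): lint exported n8n workflows for
// (a) several ACTIVE workflows registering the same webhook path and
// (b) workflows flagged both active and archived. Plain Node.js.
// Assumed shapes: workflow {id, name, active, archived, nodes[]} and webhook
// nodes of type 'n8n-nodes-base.webhook' with parameters.path. Sample data
// below is constructed.

// Paths are compared with leading slashes stripped so '/foo' and 'foo' collide.
function webhookPaths(workflow) {
  return (workflow.nodes || [])
    .filter((n) => n.type === 'n8n-nodes-base.webhook' && typeof (n.parameters || {}).path === 'string')
    .map((n) => n.parameters.path.replace(/^\/+/, ''));
}

// Only active workflows register their webhooks, so inactive duplicates are
// ignored here; they still matter for cleanup but do not shadow anything.
function findWebhookConflicts(workflows) {
  const byPath = new Map();
  for (const wf of workflows) {
    if (!wf.active) continue;
    for (const path of new Set(webhookPaths(wf))) {
      if (!byPath.has(path)) byPath.set(path, []);
      byPath.get(path).push(`${wf.name} (${wf.id})`);
    }
  }
  return [...byPath.entries()]
    .filter(([, owners]) => owners.length > 1)
    .map(([path, owners]) => ({ path: '/' + path, workflows: owners }));
}

// Active and archived at the same time is the inconsistent state from finding 11.
function findActiveArchived(workflows) {
  return workflows
    .filter((wf) => wf.active === true && wf.archived === true)
    .map((wf) => `${wf.name} (${wf.id})`);
}

function auditReport(workflows) {
  return {
    webhookConflicts: findWebhookConflicts(workflows),
    activeArchived: findActiveArchived(workflows),
  };
}

// Constructed sample: two active workflows share a path (one with a leading
// slash, one without), an inactive one shares it harmlessly, and one
// workflow is both active and archived.
const webhook = (path) => ({ name: 'Webhook', type: 'n8n-nodes-base.webhook', parameters: { path } });
const SAMPLE_WORKFLOWS = [
  { id: 'wf-A', name: 'voice chat prod', active: true, archived: false, nodes: [webhook('api/v1/voice-chat')] },
  { id: 'wf-B', name: 'voice chat dev copy', active: true, archived: false, nodes: [webhook('/api/v1/voice-chat')] },
  { id: 'wf-C', name: 'voice chat old', active: false, archived: false, nodes: [webhook('api/v1/voice-chat')] },
  { id: 'wf-D', name: 'scraper', active: true, archived: true, nodes: [webhook('scrape')] },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditReport(SAMPLE_WORKFLOWS), null, 2));
}
```

Feed it the array produced by `n8n export:workflow --all` and the two lists map directly onto the Immediate Actions item about duplicate registrations and the Short-Term item about archived cleanup.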
Recommendations
Immediate Actions
- Rotate all exposed API keys — OpenAI, Mistral, Replicate, Creatomate
- Move Z-API credentials to N8N credential store instead of hardcoding in URLs
- Remove phone numbers from workflow JSON files
- Fix webhook path conflicts — deactivate duplicate registrations
Short-Term
- Use parameterized queries in the CMS workflow to prevent SQL injection
- Clean up archived workflows — resolve active+archived inconsistencies
- Audit n8n-dev2 — 4 unused workflows, consider decommissioning the instance
- Review Firebase endpoints — max-inventory-scanner-b0b53 Cloud Functions are called without authentication
Long-Term
- Implement workflow naming conventions — many workflows are “My workflow N”
- Consolidate MCP servers — multiple overlapping MCP server workflows
- Document credential ownership — track which team member owns each credential
- Set up credential rotation schedule — especially for API keys