n8n-expression-syntax

Helps validate and troubleshoot n8n expression syntax for dynamic data access in workflows, ensuring correct usage of variables.

Install this skill

or

8/100

Security score

The n8n-expression-syntax skill was audited on May 15, 2026 and we found 24 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 314

Template literal with variable interpolation in command context

SourceSKILL.md

314

```

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: Validate n8n expression syntax and fix common errors. Use when writing n8n expressions, using {{}} syntax, accessing $json/$node variables, troubleshooting expression errors, or working w

medium line 14

Webhook reference - potential data exfiltration

SourceSKILL.md

14	- The task involves `$json`, `$node`, webhook payloads, or expression-related workflow errors.

low line 58

Webhook reference - potential data exfiltration

SourceSKILL.md

58	{{$node["Webhook"].json.body.email}}

medium line 88

Webhook reference - potential data exfiltration

SourceSKILL.md

88	## 🚨 CRITICAL: Webhook Data Structure

medium line 90

Webhook reference - potential data exfiltration

SourceSKILL.md

90	Most Common Mistake: Webhook data is NOT at the root!

medium line 92

Webhook reference - potential data exfiltration

SourceSKILL.md

92	### Webhook Node Output Structure

medium line 107

Webhook reference - potential data exfiltration

SourceSKILL.md

107	### Correct Webhook Data Access

medium line 118

Webhook reference - potential data exfiltration

SourceSKILL.md

118	Why: Webhook node wraps incoming data under `.body` property to preserve headers, params, and query parameters.

low line 147

Webhook reference - potential data exfiltration

SourceSKILL.md

147	{{$node["Respond to Webhook"].json.message}}

low line 149

Webhook reference - potential data exfiltration

SourceSKILL.md

149	// Webhook node

low line 150

Webhook reference - potential data exfiltration

SourceSKILL.md

150	{{$node["Webhook"].json.body.email}}

medium line 191

Webhook reference - potential data exfiltration

SourceSKILL.md

191	### ❌ Webhook Paths

low line 195

Webhook reference - potential data exfiltration

SourceSKILL.md

195	path: "{{$json.user_id}}/webhook"

low line 198

Webhook reference - potential data exfiltration

SourceSKILL.md

198	path: "user-webhook" // Static paths only

medium line 269

Webhook reference - potential data exfiltration

SourceSKILL.md

269	\| `{{$json.name}}` (webhook) \| `{{$json.body.name}}` \|

medium line 278

Webhook reference - potential data exfiltration

SourceSKILL.md

278	### Example 1: Webhook to Slack

medium line 280

Webhook reference - potential data exfiltration

SourceSKILL.md

280	Webhook receives:

medium line 480

Webhook reference - potential data exfiltration

SourceSKILL.md

480	- Reference webhook data from `.body`

medium line 489

Webhook reference - potential data exfiltration

SourceSKILL.md

489	- Don't assume webhook data is at root (it's under .body!)

medium line 490

Webhook reference - potential data exfiltration

SourceSKILL.md

490	- Don't use expressions in webhook paths or credentials

medium line 506

Webhook reference - potential data exfiltration

SourceSKILL.md

506	2. Webhook data is under `.body`

medium line 513

Webhook reference - potential data exfiltration

SourceSKILL.md

513	- `{{$json.name}}` in webhooks → Use `{{$json.body.name}}`

low line 160

External URL reference

SourceSKILL.md

160	https://api.example.com/users/{{$json.body.user_id}}

Scanned on May 15, 2026

View Security Dashboard

Installation guide →

GitHub Stars 37.6K

Rate this skill

Categorymarketing

UpdatedMay 20, 2026

openclaw api growth-marketer product-manager data-analyst n8n marketing product data analytics

sickn33/antigravity-awesome-skills