n8n

SUSPICIOUS. The direct n8n API usage is purpose-aligned and mostly benign, but the optional MCP integration materially increases risk: it auto-executes an unpinned third-party package from a personal publisher and hands it a potentially full-access n8n API key. Not confirmed malware, but the credential-forwarding and supply-chain posture are disproportionate enough to warrant caution.