What it is
n8n and Flowise are the Zapier of the AI era: visual builders where every node can be an HTTP call, a database query, an LLM call, or a downstream automation. They are how non-engineers ship real agentic systems: drag a Gmail node, an OpenAI node, a Postgres node onto a canvas, click run. The expressive power is genuinely impressive, and that’s why they have caught on in startups, marketing teams, and internal-tools shops.
What goes wrong
Every workflow is a JSON document that references the stored credentials of
every service it touches, so whoever can read the workflows can map the
operator's whole integration surface. Older n8n releases (before user
management became mandatory in 1.0) served the editor at / with no
authentication on first boot; basic auth was opt-in via
N8N_BASIC_AUTH_ACTIVE, and many operators never set it. Flowise has the same
shape, with its login likewise opt-in (FLOWISE_USERNAME and
FLOWISE_PASSWORD): visit the IP, see the canvas, see the API keys baked into
the OpenAI node, see which CRM is wired to which Gmail account. A single
exposed instance can leak the API keys for the operator's entire SaaS stack,
plus a list of every workflow they run.
How we test
We fingerprint the editor by its asset bundle, then read the workflow list through the REST endpoints the editor's own frontend uses; an instance on which auth was never enabled answers them without a session. Each workflow's JSON references its credentials by id and type rather than embedding them, so we resolve every reference against the credentials endpoint, which lists id, name and type only, and treat a match as confirmation that the secret exists. We never request the decrypted credential data. We catalogue the workflow names because they tell the operator's story better than any banner: "Daily-report-to-CEO", "Sync-Stripe-to-Notion", etc.
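As an added example, not the scanner's code and not part of n8n, the procedure above (and the credential-by-reference point made under "What goes wrong") modelled offline in Python. The endpoint paths /rest/workflows, /rest/workflows/<id> and /rest/credentials, the {"data": ...} envelope, and the fingerprint strings are assumptions about the n8n editor's internal API; every HTTP response below is a constructed sample served by a stub transport, including one host where the operator has since turned auth on.

```python
"""Added example: offline model of the n8n exposure check described above.

Not the scanner's own code. Assumptions, flagged inline: the editor's internal
endpoints are /rest/workflows, /rest/workflows/<id> and /rest/credentials and
wrap their payload in {"data": ...}; the fingerprint strings below appear in
the editor's index.html. All HTTP responses here are constructed samples.
"""
import json
from typing import Callable, Dict, List, Tuple

Fetch = Callable[[str], Tuple[int, str]]   # path -> (HTTP status, body)

# Assumption: strings that identify the editor bundle; tune per build.
EDITOR_MARKERS = ("n8n.io - Workflow Automation", "window.BASE_PATH")


def looks_like_n8n_editor(html: str) -> bool:
    """Fingerprint: does the root page carry the editor's asset bundle?"""
    return any(marker in html for marker in EDITOR_MARKERS)


def credential_refs(workflow: dict) -> List[dict]:
    """Each node's credential *references* (type, id, name). The workflow
    JSON never holds the secret itself, only a pointer into the store."""
    refs = []
    for node in workflow.get("nodes", []):
        for cred_type, ref in (node.get("credentials") or {}).items():
            refs.append({"node": node.get("name"), "type": cred_type,
                         "id": str(ref.get("id")), "name": ref.get("name")})
    return refs


def assess(fetch: Fetch) -> dict:
    """Fingerprint, list workflows, pull each workflow's JSON, and resolve
    its credential references against the credential list. Only metadata
    is requested; decrypted credential data never is."""
    status, html = fetch("/")
    if status != 200 or not looks_like_n8n_editor(html):
        return {"n8n": False, "unauthenticated": False, "findings": []}
    status, body = fetch("/rest/workflows")
    if status != 200:                       # 401/403: auth is enabled
        return {"n8n": True, "unauthenticated": False, "findings": []}
    summaries = json.loads(body)["data"]    # list view: ids and names only
    status, body = fetch("/rest/credentials")
    stored = {str(c["id"]): c for c in json.loads(body)["data"]} if status == 200 else {}
    findings = []
    for summary in summaries:
        status, body = fetch(f"/rest/workflows/{summary['id']}")
        if status != 200:
            continue
        workflow = json.loads(body)["data"]
        for ref in credential_refs(workflow):
            entry = stored.get(ref["id"])   # present iff id and type match
            findings.append({**ref, "workflow": workflow["name"],
                             "present": entry is not None and entry.get("type") == ref["type"]})
    return {"n8n": True, "unauthenticated": True,
            "workflows": [s["name"] for s in summaries], "findings": findings}


# --- constructed sample responses for an exposed instance -----------------
_WF7 = {"id": "7", "name": "Daily-report-to-CEO", "nodes": [
    {"name": "Postgres", "type": "n8n-nodes-base.postgres",
     "credentials": {"postgres": {"id": "2", "name": "prod-db"}}},
    {"name": "OpenAI", "type": "n8n-nodes-base.openAi",
     "credentials": {"openAiApi": {"id": "3", "name": "OpenAI account"}}},
    {"name": "Gmail", "type": "n8n-nodes-base.gmail",
     "credentials": {"gmailOAuth2": {"id": "5", "name": "ceo-reports"}}}]}
_WF9 = {"id": "9", "name": "Sync-Stripe-to-Notion", "nodes": [
    {"name": "Stripe", "type": "n8n-nodes-base.stripe",
     "credentials": {"stripeApi": {"id": "4", "name": "Stripe live"}}},
    {"name": "Notion", "type": "n8n-nodes-base.notion",
     "credentials": {"notionApi": {"id": "11", "name": "old-notion"}}}]}  # dangling ref

EXPOSED = {
    "/": (200, "<html><head><title>n8n.io - Workflow Automation</title></head></html>"),
    "/rest/workflows": (200, json.dumps({"data": [
        {"id": "7", "name": "Daily-report-to-CEO", "active": True},
        {"id": "9", "name": "Sync-Stripe-to-Notion", "active": True}]})),
    "/rest/workflows/7": (200, json.dumps({"data": _WF7})),
    "/rest/workflows/9": (200, json.dumps({"data": _WF9})),
    "/rest/credentials": (200, json.dumps({"data": [   # metadata only, no secrets
        {"id": "2", "name": "prod-db", "type": "postgres"},
        {"id": "3", "name": "OpenAI account", "type": "openAiApi"},
        {"id": "4", "name": "Stripe live", "type": "stripeApi"},
        {"id": "5", "name": "ceo-reports", "type": "gmailOAuth2"}]})),
}
# Same host after the operator turned auth on: the editor still fingerprints,
# but the REST endpoints now answer 401 without a session.
LOCKED = {"/": EXPOSED["/"], "/rest/workflows": (401, '{"message":"Unauthorized"}')}


def make_fetch(table: Dict[str, Tuple[int, str]]) -> Fetch:
    """Stub transport over the constructed table; unknown paths get a 404."""
    return lambda path: table.get(path, (404, ""))


if __name__ == "__main__":
    report = assess(make_fetch(EXPOSED))
    for f in report["findings"]:
        state = "present" if f["present"] else "MISSING"
        print(f"{f['workflow']:<24} {f['node']:<9} {f['type']:<12} {state}")
```

The dangling Notion reference in the second sample workflow is the case worth keeping in the report: the workflow still names the integration, but the credential behind it is gone, so the finding is "wired up, secret absent" rather than a live key. Against a real host, replace make_fetch with a thin wrapper over your HTTP client and keep the rule that nothing beyond the credentials list is ever requested.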