n8n-architect
Audited by Socket on Feb 16, 2026
1 alert found:
Obfuscated File

The file is a legitimate, practical integration guide for using MCP with n8n AI Agents and correctly highlights useful configurations (agent params, maxIterations, tool types). However, it endorses runtime patterns that carry non-trivial supply-chain and data-exfiltration risks: executing npm packages via 'npx' without pinning or verifying them, and connecting to arbitrary SSE MCP servers. The document lacks concrete mitigations (version pinning, package provenance verification, an endpoint trust model, network egress controls, least-privilege credential examples, and sandboxing).

The document itself is not directly malicious, but following its examples as-is can enable remote code execution and sensitive data leakage.

Recommend: pin package versions and use lockfiles, require signed packages or vetted artifacts, prefer self-hosted or audited MCP servers, restrict filesystem paths and DB scopes, enforce network egress rules and TLS verification, add logging/audit and redaction of sensitive data, and avoid npx runtime installs in production.
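The following is an added example, not code from the n8n-architect package or from Socket: a small linter that checks an MCP server configuration for the patterns the alert above names (unpinned npx packages, npx auto-install at run time, whole-drive filesystem paths, plaintext or unknown SSE endpoints, literal secrets in the config). It assumes the commonly used `mcpServers` JSON shape (stdio servers with `command` and `args`, SSE servers with `url`); the trusted-host allowlist, the rule names and the sample config are all constructed for this example.

```javascript
// Added example: lint an MCP server config for the risks named in the Socket alert.
// Assumption: config uses the common `mcpServers` shape; nothing here comes from
// the n8n-architect package itself.

// Exact-version spec: name@1.2.3 or @scope/name@1.2.3 (ranges and bare names fail).
const EXACT_VERSION = /^(@[^/@]+\/)?[^/@]+@\d+\.\d+\.\d+$/;
// Hypothetical allowlist of SSE hosts you have vetted or self-host.
const TRUSTED_SSE_HOSTS = new Set(['mcp.internal.example']);
// Env keys that look like credentials.
const SECRET_KEY = /(TOKEN|SECRET|PASSWORD|API_?KEY)/i;
// Accepted form for a credential value: an env-var reference such as ${DB_PASSWORD}.
const ENV_REFERENCE = /^\$\{?[A-Z_]+\}?$/;

// First non-flag argument after `npx` (or the value of -p/--package) is the package spec.
function npxPackageSpec(args) {
  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    if (a === '-p' || a === '--package') return args[i + 1];
    if (a.startsWith('-')) continue;
    return a;
  }
  return undefined;
}

function lintServer(name, server) {
  const findings = [];
  const add = (rule, detail) => findings.push({ server: name, rule, detail });
  const args = server.args || [];

  if (server.command === 'npx') {
    const spec = npxPackageSpec(args);
    if (!spec) add('unpinned-npx', 'no package spec given');
    else if (!EXACT_VERSION.test(spec)) add('unpinned-npx', `${spec} is not pinned to an exact version`);
    if (args.includes('-y') || args.includes('--yes')) {
      add('npx-auto-install', '-y installs whatever the registry serves at run time');
    }
    for (const a of args) {
      // A bare root, home or drive root hands the server the whole filesystem.
      if (a === '/' || a === '~' || /^[A-Za-z]:\\?$/.test(a)) {
        add('broad-filesystem-scope', `path argument ${a} exposes the whole drive`);
      }
    }
  }

  if (server.url) {
    let u;
    try { u = new URL(server.url); } catch { add('sse-invalid-url', server.url); return findings; }
    if (u.protocol !== 'https:') add('sse-plaintext', `${server.url} is not served over TLS`);
    if (!TRUSTED_SSE_HOSTS.has(u.hostname)) add('sse-untrusted-host', `${u.hostname} is not on the allowlist`);
  }

  for (const [k, v] of Object.entries(server.env || {})) {
    if (SECRET_KEY.test(k) && !ENV_REFERENCE.test(String(v))) {
      add('secret-in-config', `${k} is a literal value; reference an environment variable instead`);
    }
  }
  return findings;
}

function lintConfig(config) {
  return Object.entries(config.mcpServers || {}).flatMap(([n, s]) => lintServer(n, s));
}

// Constructed sample config: package names, hosts and secrets are invented.
const SAMPLE_CONFIG = {
  mcpServers: {
    files: { command: 'npx', args: ['-y', 'example-fs-server', '/'] },
    filesPinned: { command: 'npx', args: ['example-fs-server@1.4.2', '/srv/n8n/data'] },
    remote: { url: 'http://mcp.vendor.example/sse' },
    db: { command: 'node', args: ['server.js'], env: { DB_PASSWORD: 'hunter2' } },
    dbOk: { command: 'node', args: ['server.js'], env: { DB_PASSWORD: '${DB_PASSWORD}' } },
  },
};

console.log(JSON.stringify(lintConfig(SAMPLE_CONFIG), null, 2));
```

Run it over the sample config and the `files`, `remote` and `db` entries produce six findings, while `filesPinned` (exact version, scoped path) and `dbOk` (env-var reference) produce none. Wire the same check into the deployment pipeline so an n8n instance never starts with an unpinned `npx` tool or an SSE endpoint outside the allowlist.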