Awesome/awesome-openclaw-usecases
1
0
Fork 0
mirror of https://github.com/hesamsheikh/awesome-openclaw-usecases.git synced 2026-02-20 01:35:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb19a6123505d834c4d5a23cdb99ad54fb6094c1
awesome-openclaw-usecases/usecases/n8n-workflow-orchestration.md
hesamsheikh e18bad37bf 4 new usecases
2026-02-11 14:08:44 +01:00

108 lines
5.8 KiB
Markdown
Raw Blame History

# OpenClaw + n8n Workflow Orchestration
Letting your AI agent directly manage API keys and call external services is a recipe for security incidents. Every new integration means another credential in `.env.local`, another surface for the agent to accidentally leak or misuse.
This use case describes a pattern where OpenClaw delegates all external API interactions to n8n workflows via webhooks — the agent never touches credentials, and every integration is visually inspectable and lockable.
## Pain Point
When OpenClaw handles everything directly, you get three compounding problems:
- **No visibility**: It's hard to inspect what the agent actually built when it's buried in JavaScript skill files or shell scripts
- **Credential sprawl**: Every API key lives in the agent's environment, one bad commit away from exposure
- **Wasted tokens**: Deterministic sub-tasks (send an email, update a spreadsheet) burn LLM reasoning tokens when they could run as simple workflows
## What It Does
- **Proxy pattern**: OpenClaw writes n8n workflows with incoming webhooks, then calls those webhooks for all future API interactions
- **Credential isolation**: API keys live in n8n's credential store — the agent only knows the webhook URL
- **Visual debugging**: Every workflow is inspectable in n8n's drag-and-drop UI
- **Lockable workflows**: Once a workflow is built and tested, you lock it so the agent can't modify how it interacts with the API
- **Safeguard steps**: You can add validation, rate limiting, and approval gates in n8n before any external call executes
## How It Works
1. **Agent designs the workflow**: Tell OpenClaw what you need (e.g., "create a workflow that sends a Slack message when a new GitHub issue is labeled `urgent`")
2. **Agent builds it in n8n**: OpenClaw creates the workflow via n8n's API, including an incoming webhook trigger
3. **You add credentials**: Open n8n's UI, add your Slack token / GitHub token manually
4. **You lock the workflow**: Prevent further modifications by the agent
5. **Agent calls the webhook**: From now on, OpenClaw calls `http://n8n:5678/webhook/my-workflow` with a JSON payload — it never sees the API key
```text
┌──────────────┐ webhook call ┌─────────────────┐ API call ┌──────────────┐
│ OpenClaw │ ───────────────────→ │ n8n Workflow │ ─────────────→ │ External │
│ (agent) │ (no credentials) │ (locked, with │ (credentials │ Service │
│ │ │ API keys) │ stay here) │ (Slack, etc)│
└──────────────┘ └─────────────────┘ └──────────────┘
```
## Skills You Need
- `n8n` API access (for creating/triggering workflows)
- `fetch` or `curl` for webhook calls
- Docker (if using the pre-configured stack)
- n8n credential management (manual, one-time setup per integration)
## How to Set It Up
### Option 1: Pre-configured Docker Stack
A community-maintained Docker Compose setup ([openclaw-n8n-stack](https://github.com/caprihan/openclaw-n8n-stack)) pre-wires everything on a shared Docker network:
```bash
git clone https://github.com/caprihan/openclaw-n8n-stack.git
cd openclaw-n8n-stack
cp .env.template .env
# Add your Anthropic API key to .env
docker-compose up -d
```
This gives you:
- OpenClaw on port 3456
- n8n on port 5678
- Shared Docker network so OpenClaw can call `http://n8n:5678/webhook/...` directly
- Pre-built workflow templates (multi-LLM fact-checking, email triage, social monitoring)
### Option 2: Manual Setup
1. Install n8n (`npm install n8n -g` or run via Docker)
2. Configure OpenClaw to know the n8n base URL
3. Add this to your AGENTS.md:
```text
## n8n Integration Pattern
When I need to interact with external APIs:
1. NEVER store API keys in my environment or skill files
2. Check if an n8n workflow already exists for this integration
3. If not, create one via n8n API with a webhook trigger
4. Notify the user to add credentials and lock the workflow
5. For all future calls, use the webhook URL with a JSON payload
Workflow naming: openclaw-{service}-{action}
Example: openclaw-slack-send-message
Webhook call format:
curl -X POST http://n8n:5678/webhook/{workflow-name} \
-H "Content-Type: application/json" \
-d '{"channel": "#general", "message": "Hello from OpenClaw"}'
```
## Key Insights
- **Three wins in one**: Observability (visual UI), security (credential isolation), and performance (deterministic workflows don't burn tokens)
- **Lock after testing**: The "build → test → lock" cycle is critical — without locking, the agent can silently modify workflows
- **n8n has 400+ integrations**: Most external services you'd want to connect already have n8n nodes, saving the agent from writing custom API calls
- **Audit trail for free**: n8n logs every workflow execution with input/output data
## Inspired By
This pattern was described by [Simon Høiberg](https://x.com/SimonHoiberg/status/2020843874382487959), who outlined three reasons this approach beats letting OpenClaw handle API interactions directly: observability through n8n's visual UI, security through credential isolation, and performance by running deterministic sub-tasks as workflows instead of LLM calls. The [openclaw-n8n-stack](https://github.com/caprihan/openclaw-n8n-stack) repository provides a ready-to-run Docker Compose setup implementing this pattern.
## Related Links
- [n8n Documentation](https://docs.n8n.io/)
- [openclaw-n8n-stack (Docker setup)](https://github.com/caprihan/openclaw-n8n-stack)
- [n8n Webhook Trigger Docs](https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.webhook/)
Reference in New Issue View Git Blame Copy Permalink