Paste your n8n workflow JSON export and get an instant health report — error handler gaps, rate limit risks, disabled nodes, complexity score, and a prioritized fix list.
⋯ menu (top right) → Download → paste the JSON below. Works with n8n Cloud, self-hosted, and n8n Desktop. Most n8n workflows that break in production don’t break because of a logic error — they break because of a missing error handler on an HTTP Request node, a hardcoded API token that rotated, or a retry mechanism that was never configured. The failure is silent, the data stops flowing, and you find out when someone asks why the CRM stopped updating three days ago.
The n8n Workflow Auditor by Triumphoid scans your exported workflow JSON against nine reliability and security checks, scores the result from 0 to 100, and gives you a prioritised fix list. It runs entirely in your browser — your workflow JSON is never uploaded, stored, or sent to any server. It works with n8n Cloud, self-hosted n8n, and n8n Desktop exports.
Nine checks are run every time. They are weighted by how likely each issue is to cause a production failure:
Detects HTTP Request, Code, and integration nodes that have no error branch and no “Continue on Fail” enabled — the most common cause of silent workflow failures.
Scans node parameters for API key and token patterns that appear to be literal values rather than n8n Credentials references. Hardcoded secrets are a security and maintenance risk.
A workflow with no trigger can only run via direct API call. This check flags workflows that are likely missing their entry point, or were exported mid-build.
Every external HTTP call should have retry logic. Transient 5xx errors, momentary DNS blips, and overloaded APIs are facts of life — retry turns them into non-events.
Workflows over 40 nodes are flagged as high complexity. Large monolithic workflows are difficult to debug, test, and hand over. n8n’s Execute Workflow node exists for a reason.
Disabled nodes accumulate during development and testing. They add visual noise, confuse collaborators, and sometimes hide intent. The auditor lists them so you can make a conscious decision.
When two nodes share a name, error logs become ambiguous. n8n identifies nodes by name in execution logs, so duplicates make post-mortem debugging significantly harder.
Sticky notes are free inline documentation. Workflows that run business-critical operations should explain what they do, what data they touch, and where they can go wrong.
If a workflow has a real trigger but is toggled off, the auditor flags it. Useful for spotting workflows that were paused for maintenance and never re-enabled.
The auditor accepts the standard n8n workflow export format. Here’s how to get it from each environment:
n8n Cloud and self-hosted: Open your workflow → click the ⋯ menu in the top-right corner → select Download. This downloads a .json file. Open it in any text editor, select all, and paste into the auditor.
n8n Desktop: Same process — open the workflow → ⋯ menu → Download.
Via the n8n API: If you’re managing workflows programmatically, the GET /workflows/{id} endpoint returns the same JSON format the auditor expects.
The auditor does not require authentication, does not connect to your n8n instance, and does not make any network requests after the page loads. Everything runs locally in your browser using JavaScript.
No. The auditor runs entirely in your browser. The JSON you paste is parsed and analysed by client-side JavaScript — it never leaves your machine, is never uploaded anywhere, and is not stored or logged. You can verify this by opening your browser’s network tab while running an audit: you’ll see zero outbound requests.
Yes. The auditor works with workflow JSON exported from any n8n environment — Cloud, self-hosted (Docker or npm), and n8n Desktop. The export format is identical across all three. It also works with older workflow versions, though some node type checks are tuned for n8n v1.x naming conventions.
A low score means the workflow has reliability or security gaps, not necessarily that it’s broken today. Many workflows run for months with missing error handlers — right up until the API they call starts returning 429s, or a token rotates. The score reflects production readiness, not current functionality.
Absolutely. The fix list is prioritised guidance, not a gate. There are legitimate reasons to leave a node without error handling — for example, if a failure in that node should intentionally stop the workflow. Use your judgment: the audit report tells you what’s there, you decide what matters for your use case.
Make.com blueprint auditing is on the roadmap. The JSON structure is significantly different from n8n, so it will be a separate tool. If this is useful to you, let us know — it helps us prioritise.
Completely free, with no limits. You can audit as many workflows as you like with no account, no login, and no usage cap. It’s one of nine free tools Triumphoid maintains for the B2B automation community.
The Workflow Auditor is one of nine free browser-based tools built for teams running n8n, Make.com, and Zapier in production.