Free security scanner for n8n, Make & Zapier workflows. Detect hardcoded API keys, passwords, and authentication vulnerabilities in seconds.
Most companies don't realize their automation workflows are creating compliance vulnerabilities
Source: Verizon PCI Compliance Report
Source: HHS-OCR 2016-2017 Audit Report
Most failures due to exposed credentials
And auditors WILL find them. WorkflowGuard finds them first.
Upload your workflow JSON. Get a comprehensive security report in seconds.
Scans for 10+ credential types including AWS keys, Stripe tokens, OpenAI keys, GitHub tokens, and more.
Detects n8n unauthenticated webhooks, Make exposed connections, and Zapier plaintext auth.
Everything runs in your browser. Your workflow data never leaves your computer. No servers, no tracking.
Get a 0-100 security score with severity ratings (Critical, High, Medium) for each finding.
Every vulnerability includes specific instructions on how to fix it properly.
Export scan results as text files for documentation, team review, or compliance evidence.
Our pattern-based detection engine scans for the most common security vulnerabilities found in automation workflows.
Example scan results showing detected vulnerabilities
WorkflowGuard is built by Radu Pisano, a federal cybersecurity expert with 16+ years of experience
16+ years investigating healthcare fraud, digital forensics, and computer forensics
Privacy First: No data collection. No tracking. No servers.
All scanning happens locally in your browser.
Start with the free scanner. Get notified when WorkflowGuard Pro launches with continuous monitoring, team collaboration, and compliance reports.
Try Free Scanner Now βAbsolutely. WorkflowGuard runs 100% in your browser using JavaScript. Your workflow JSON file never leaves your computer. We don't have servers, databases, or any way to collect your data. You can even use it offline.
WorkflowGuard currently supports n8n, Make (Integromat), and Zapier. Simply export your workflow as a JSON file from any of these platforms and upload it to the scanner.
The free POC uses pattern-based detection with regex patterns for known credential formats (AWS keys, Stripe keys, etc.). It's highly accurate for these specific patterns. WorkflowGuard Pro will add AI-powered deep analysis for contextual vulnerabilities.
Yes! WorkflowGuard scans the JSON file format, which is the same whether you're using n8n Cloud or self-hosted. Export your workflow, upload the JSON file, and scan.
The free POC provides pattern-based scanning and security scores. WorkflowGuard Pro (launching soon) will add:
No. WorkflowGuard is a pre-audit tool that helps you find and fix workflow security issues before auditors arrive. It generates evidence and gap analysis but does not certify compliance. You'll still need an independent auditor for SOC 2 certification.
WorkflowGuard was built by Radu Pisano, a federal cybersecurity investigator with CISSP, CFE, and CAISP certifications. After 16+ years investigating digital crimes, I saw companies repeatedly fail audits due to exposed credentials in automation workflowsβa gap that existing security tools don't address.