workflow templates float around n8n's library, GitHub repos, Gumroad, and Telegram groups — almost none of them vetted before you import.
FREE · NOTHING IS UPLOADED
Never import a workflow
you can't see inside.
Bought a template on Gumroad, grabbed one off GitHub, or got one in a Discord — and not sure it's safe? Paste it below and Peekflow shows you, in plain English, what it does, what it needs, what it costs, and what it's quietly hiding. It only reads the file — it never runs your automation or touches your accounts.
- Free — finds leaked API keys, tokens & secrets in seconds
- Read-only & safe — it can't run anything or break your setup
- 100% private — nothing leaves your browser (works offline)
Works with n8n & Make.com files. On Zapier? Most plans can't export a Zap yet — paste it if you have one, and lean on it for any n8n/Make automations you use.
◉ Paste your workflow
awaiting paste…
Not sure how to get this file?
n8n: open the workflow → top-right ⋯ menu → Download (or select all nodes and copy). Paste the file's contents here.
Make.com: open the scenario → bottom ⋯ menu → Export Blueprint. Paste the downloaded JSON here.
or try a sample:
Nothing is uploaded — your workflow is analyzed entirely in this tab. Proof: turn off your wi-fi and it still works.
◉ Recent — saved only on this device
◉ Inspection report
—
Selling or sharing this workflow? Show buyers it's been inspected.
0/100
TRUST SCORE
- 0–44 High risk
- 45–77 Caution
- 78–100 Clean
Why this score?
➜ What to do now
❝ In plain English
⬡ Flow map
🛡 Safety & trust scan
✓ Will it work? — readiness checklist
⛁ Cost calculator
▤ Full node inventory
Heuristic analysis of pasted text only. Peekflow never executes the workflow and never sees your live credentials. Treat results as a strong first opinion, not a security guarantee.
THE PROBLEM
The template economy ships fast and breaks quietly.
a real supply-chain attack hid in fake n8n community nodes, decrypting and exfiltrating users' OAuth tokens at runtime. "Import and pray" stopped being a joke.
exported workflows routinely leak hardcoded API keys in HTTP headers, Code nodes, and sticky notes — pasted by authors who forgot they were there.
the worst failures are the quiet ones: a template "runs green" but does the wrong thing, or needs a paid app you don't have. You find out in production.
Peekflow is the missing step between “nice template!” and the import button.
HOW IT WORKS
Three seconds, zero uploads.
-
01
Paste the file
Drop in the raw n8n JSON or Make.com blueprint you were given. Peekflow auto-detects which platform it came from.
-
02
Peekflow reads it locally
Your browser parses the graph, maps every node to a human action, scans every string for secrets, and tallies the cost — all on this page.
-
03
You decide with eyes open
Get a trust score, a plain-English summary, a readiness checklist, and a one-click redacted copy that's safe to share or sell.
WHAT IT INSPECTS
A full bench of instruments.
Plain-English explainer
Turns a tangle of nodes into a sentence: “Watches Gmail, summarizes each email with OpenAI, logs it to Sheets, pings Slack.”
Leaked-secret detector
Regex + entropy scan for API keys, bearer tokens, JWTs, private keys, webhook secrets, and personal emails hiding in parameters & code.
Risk flags
Surfaces arbitrary-code nodes, raw HTTP calls, unauthenticated webhooks, and non-official community nodes — the usual blast radius.
Readiness checklist
Every credential, every paid app, and every external endpoint you'll need to wire up before the workflow does anything useful.
Cost estimate
Counts the operations / node executions per run so Make and Zapier-refugees can see the bill coming before they commit.
Redact & clean
One click strips the secrets and personal data and hands back a safe-to-share copy — perfect for sellers shipping clean templates.
PRIVACY BY ARCHITECTURE
Your workflow never leaves this tab.
The whole point is trust — so Peekflow sends nothing to a server. There is no backend, no account, no logging. The analyzer is plain JavaScript that runs on your device. The simplest proof: turn off your wi-fi and it still works perfectly — because it never needed the internet to read your file. That's not a privacy policy you have to take on faith; it's how the thing is built.
FAQ
Reasonable questions.
Which platforms are supported?
n8n (workflow JSON) and Make.com (scenario “blueprints”) today — they're the two that ship freely-shared, pasteable files. Zapier only lets Team/Enterprise plans export JSON and exports all Zaps at once, so most shared Zaps can't be inspected; paste it if you have it and Peekflow will do its best. Notion templates are duplicated pages rather than files, so they're out of scope.
Do you really not upload my workflow?
Correct. Every step — parsing, secret scanning, diagramming, redaction — happens in your browser. There's no server to send your workflow to. The simplest proof: disconnect from the internet and Peekflow still analyzes your file perfectly.
Is the secret scan a security guarantee?
No. It catches the common, high-signal patterns (recognizable key formats, high-entropy strings, sensitive field names). A determined obfuscator can hide things. Treat a clean result as “no obvious red flags,” not “certified safe.”
How accurate is the cost estimate?
It's a heuristic based on counting node executions / Make operations per run. Loops, batching, and conditional branches change the real number, so Peekflow shows a range and tells you what drives it.
I sell templates. Why would I use this?
Run your file through Redact & clean before you ship it so you never leak your own keys, and paste the report into your listing as proof it's transparent and dependency-honest. Trust sells.