First thing is, none of my flows are there and only this flow is installed, secondly I have no idea what this flow is and how it got there.
I'm guessing that my Node-Red has been hacked or something nasty has got onto my RPi4.
Of course I will format the SD card and start again, but I wonder if anyone knows what it is and what its purpose is.
Is it possibly linked to IP Royal Pawn because I noticed my router has a number of open ports listed as ip.royal.paw and linked to my RPi4. I'm suspecting that they could be related.
Edit: Just to note, the only other thing running on my RPi4 is Octoprint which is its current primary use.
If you forwarded port 1880 on your router so that you could access Node-red from the Internet, bad servers out there would have quickly noticed the open port.
Then they would have been free to try and crack your Node-red password (You did set a password?) and how ever long it took them you probably would not notice.
Services on a Raspberry Pi are especially juicy hacking targets because by default the normal login account has superuser powers.
Node-red especially so because it has a Web interface but can run operating system commands.
Don't let this put you off Node-red, just flash a new SD card, install Node-red and this time follow the guidance on securing it.
But first of all, turn off port forwarding and never turn it back on!
Thanks everyone.
I got a new SD card and a fresh install. It is not open to the internet and I have checked everything else on my network and all is ok.
It's been over a week now and there are no strange entries on my router (port forwarding).
