74
/ 100
20 days ago
glama

N-central MCP Server

Exposes N-able N-central REST API as MCP tools for managing devices, organizations, users, and more, with support for read-only, write, and full write modes.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: MCP_API_KEY, NC_JWT_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configMCP_ALLOW_UNAUTHENTICATEDMCP_API_KEY HTTP mode Bearer token clients must present. Generate with openssl rand -hex 32. Required unless =1
🔐 secretMCP_API_KEYHTTP mode Bearer token clients must present. Generate with openssl rand -hex 32. Required unless MCP_ALLOW_UNAUTHENTICATED=1
configMCP_AUDIT_LEVEL
configMCP_BIND_ADDRESSoptional Interface to bind. 127.0.0.1 (default) for localhost-only; 0.0.0.0 for Docker / LAN exposure
configMCP_CORS_ORIGINbrowser clients Comma-separated allow-list of origins
configMCP_MAX_BODY_SIZE
configMCP_MAX_SESSIONS
configMCP_METRICS_REQUIRE_AUTH
configMCP_PORTHTTP mode only Setting this enables HTTP mode (omit for stdio)
configMCP_QUIET
configMCP_RATE_LIMIT_MAX
configMCP_RATE_LIMIT_WINDOW_MS
configMCP_SESSION_TTL_MS
configMCP_TRUST_PROXY
configNC_ACCESS_EXPIRY
configNC_FQDN_ALLOWLISTmulti-tenant Comma-separated host suffixes a client may target — SSRF guard (exact or DNS-suffix match)
🔐 secretNC_JWT_TOKENEdit .env — set NC_SERVER_URL and at minimum.
configNC_MAX_RETRIES
configNC_MAX_TENANTS
configNC_MULTI_TENANThosted mode Set to 1 to require per-request X-NC-FQDN/X-NC-JWT headers (HTTP only). See [Multi-Tenant Mode](#multi-tenant-hosted-mode)
configNC_REFRESH_EXPIRY
configNC_REQUEST_TIMEOUT_MS
configNC_RESOURCE_CACHE_TTL_MSResources provide live context to the client without requiring explicit tool calls. Hierarchical resources are cached for 60s by default — set =0 to disable.
configNC_RETRY_DELAY_MS
configNC_SERVER_URLEdit .env — set and NC_JWT_TOKEN at minimum.
configNC_WRITE_MODEoptional read-only \ write \ full (default write)
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/theonlytruebigmac-n-central-mcp-z23gsg)](https://m8ven.ai/mcp/theonlytruebigmac-n-central-mcp-z23gsg)
commit: f7dfb42777651e360ddf119fa58f2893a6edff3d
code hash: 8ae57ca4e33f89b5951a041aa8c4de2300663e3f2997ce3c5eff51ba23c84832
verified: 6/22/2026, 12:12:21 PM
view raw JSON →
N-central MCP Server · M8ven Trust Score | M8ven