N-able N-central + AI in 60 seconds
Unofficial. Community-built Claude Code Skill and MCP server for the N-able N-central API. Not affiliated with, endorsed by, or sponsored by N-able, Inc..
Awaiting live verification - passes every mechanical gate (build, command-surface, claims, install). Be the first to confirm it against your tenant: report it works.
N-central knows every device you manage - and answering “where is that machine” still means walking the console’s org tree. Ask your AI “what’s red right now”, “where is EXCHANGE01”, or “which devices have no maintenance window before Saturday’s patch wave” and get rollups the console can’t compose: cross-tenant search from an offline mirror, severity-ranked triage, coverage audits, and a guardian that catches the JWT before it silently dies.
New to the term? An MCP server is the same thing ChatGPT calls an app or connector, Claude on the web calls a connector, and Claude Code calls a Skill. One thing, many names →
Install in 60s → View on GitHub →
Instead of clicking through N-able N-central, just ask
Instead of Walking the console org tree customer by customer to find which site a machine lives under
just ask: “Where is EXCHANGE01?”
Your agent runs: n-central-cli whereis EXCHANGE01
Instead of Opening every customer’s active-issues view one at a time for the morning NOC sweep
just ask: “What’s red right now, worst first, by customer?”
Your agent runs: n-central-cli triage --by customer
Instead of Finding out the integration died because the API user’s 90-day password expiry silently invalidated the JWT
just ask: “Is our N-central API access healthy, and when does it expire?”
Your agent runs: n-central-cli guardian --password-set 2026-03-01
See it in 30 seconds
Demo data is simulated. Every command shown exists in the real CLI.
What it does
| Question your MSP keeps asking | Command your agent runs |
|---|---|
| What’s red right now, grouped by customer and ranked by severity? | n-central-cli triage --by customer |
| Where is EXCHANGE01 - server, service org, customer, site? | n-central-cli whereis EXCHANGE01 |
| Find anything named acme across every server we run | n-central-cli fanout "acme" |
| Which devices are missing the Backup Plan custom property, by customer? | n-central-cli props audit --required "Backup Plan" |
| Which devices have no maintenance window before the June 15 patch wave? | n-central-cli maint coverage --before 2026-06-15 |
| Is the JWT healthy, and when does the API user’s password kill it? | n-central-cli guardian --password-set 2026-03-01 |
| Hardware and software inventory for one device | n-central-cli devices assets 987654321 |
| Every device, exported for the QBR or your documentation tool | n-central-cli export "devices" --format jsonl |
Full command reference at github.com/servosity/msp-skills/blob/main/skills/n-central/guide.md.
What makes this one different
Most N-central integrations proxy each question into live REST calls - which means org-tree pagination, per-endpoint concurrency caps, and a JWT that dies silently on password rotation. This skill syncs the org tree (service orgs, customers, sites, devices) into a local SQLite mirror: whereis and fanout answer from it instantly and offline, across as many N-central servers as you run; triage, props audit, and maint coverage sweep live data customer by customer without you scripting the pagination; and guardian turns the silent auth failure mode into a CI-wireable warning.
It complements the N-central console rather than replacing it: the console stays best for remote control and policy configuration, while this skill brings the org tree to whichever agent you already use and answers the cross-tenant rollups - where is this device, what’s red everywhere, who has no maintenance window - that no single console screen composes.
The pain this closes
- The morning NOC sweep is a per-customer console walk: active issues live under each org unit, so “what’s red right now across everyone” means opening each customer’s view - and at multi-server MSPs, repeating it in every console. N-able’s own REST API documentation caps concurrency per endpoint (429 responses beyond 3-50 concurrent calls), so naive scripted sweeps throttle.
- The API user’s password expiry - 90 days by default - silently invalidates the JWT, and the integration just stops. The community-maintained NC-API-Documentation project on GitHub documents the trap: an expired password for the originating account blocks JWT access, and regenerating the token invalidates the previous one.
- N-central sometimes returns an error message inside an HTTP 200 response - listed in N-able’s official REST API known issues and limitations - so a script that only checks status codes happily processes an error body as data.
Install
Works in any of these agents - pick yours:
| Agent | Quick install |
|---|---|
| Claude Desktop | Step-by-step → |
| ChatGPT (Plus/Pro+) | Step-by-step → |
| Claude Code | Step-by-step → |
| Codex CLI | Step-by-step → |
| Cursor, Windsurf, Cline, Continue, Zed, Copilot, Gemini, Hermes, OpenClaw | Which agent? → |
Quickest path for everyone else (terminal):
macOS / Linux:
bash <(curl -fsSL https://raw.githubusercontent.com/servosity/msp-skills/main/skills/n-central/install.sh)
Windows (PowerShell):
iwr -useb https://raw.githubusercontent.com/servosity/msp-skills/main/skills/n-central/install.ps1 | iex
After install, authenticate once with your N-able N-central credentials, then verify with n-central-cli --version.
Safety model
| Tier | Examples | Recommended agent policy |
|---|---|---|
| Read | n-central-cli triage –by customer; n-central-cli whereis EXCHANGE01; n-central-cli fanout “acme”; n-central-cli devices list; n-central-cli props audit –required “Backup Plan”; n-central-cli maint coverage; n-central-cli guardian; n-central-cli export devices | Allow |
| Write (routine) | n-central-cli import |
Preview with –dry-run, then a reviewed write |
| Destructive / high impact | n-central-cli scheduled-tasks run –task-type Script –device-id |
Human-in-the-loop only |
The skill drives the n-central-cli and n-central-mcp binaries, authenticating with an API-only user’s JWT (NCENTRAL_JWT) exchanged for short-lived access tokens - never logged and never sent anywhere except your N-central server. Nearly all commands are read-only; the exceptions are scheduled-tasks run (executes an API-enabled script or automation policy on a live device) and import (POSTs records), both previewable with the opt-in –dry-run flag. Registration tokens enroll new devices - treat them like credentials. The API user’s role in N-central is the real permission boundary. Full details in governance.md.
Frequently asked questions
Does this work with ChatGPT?
Yes, on paid ChatGPT plans. ChatGPT connects to remote MCP servers over HTTPS, so you expose the local N-central MCP server via a secure bridge. Step-by-step in the install guide.
Do I need to know how to code?
No. Paste one sentence into Claude Code or Codex and your agent does the install, or run a one-line installer. You enter your credentials once.
Is my N-central data safe?
Your data stays on your machine. The CLI, MCP server, and the local mirror are all local. The AI sees query results, not raw bulk data, and credentials are never bundled or transmitted by MSP Skills.
What does it cost?
Free. Apache-2.0 licensed. You pay only for whichever AI agent you already use.
What credentials do I need?
A JSON Web Token for an API-only user: in N-central, go to Administration > User Management > Users > select the API user > API Access > Generate JSON Web Token. MFA must be off on that user, and the user’s password expiry (90 days by default) silently invalidates the JWT - guardian tracks that countdown. Set NCENTRAL_JWT and N_CENTRAL_BASE_URL (e.g. https://yourmsp.ncod.n-able.com/api).
Can this make changes in N-central?
Almost everything is read-only. Two commands can change things: scheduled-tasks run executes an API-enabled Automation Policy or Script on a device, and import POSTs records from a JSONL file. –dry-run is an opt-in preview, not a default - the recommended agent policy is preview first, a human approves, then run. Keep scheduled-tasks run human-in-the-loop.
We run more than one N-central server - does this handle that?
Yes. Each server syncs to its own local mirror, and fanout unions them: one query returns matches across every server’s mirror, each row tagged with the server it came from.
Will this hit N-central API rate limits?
N-able documents per-endpoint concurrency caps - 429 responses beyond roughly 3 to 50 concurrent calls depending on the endpoint. The CLI ships a –rate-limit throttle, and the heaviest questions (whereis, fanout, search) run against the local mirror with zero API calls.
Does this work with N-able N-sight?
No. This skill targets the N-central REST API specifically. N-sight is a separate N-able product with a separate API.
Status
Beta. Validated against the N-able N-central API surface and being validated with MSPs running it live against their own production tenants in our weekly Build Sessions.
Standards. Conforms to the open Agent Skills spec (Anthropic, Dec 2025; 40+ agents). MCP-compatible - works with any MCP-capable agent including Hermes. OpenClaw-ready (frontmatter pre-wired, awaiting OpenClaw launch).
Maintained by Servosity for the MSP community. Apache-2.0 licensed. Built with CLI Printing Press.