← Index

io.github.cyanheads/ntfy-mcp-server

io.github.cyanheads/ntfy-mcp-server·v2.1.1·Developer Tools

Send, manage, and replay ntfy push notifications via MCP.

In-path gate · all MCP tools

Using io.github.cyanheads/ntfy-mcp-server in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
REVIEWstatus: PARTIALfresh until 2026-08-08 09:02 UTC
screened 2026-07-09tier: scannedgranularity: description-levelsource: registry

Semantic screen found no manipulation pattern in the description. Conformance probe not yet run.

mcpindex.integrity.descriptionpassINFO

evidenceNo malicious instructions foundvia static_description

Limits of this verdict
  • - Semantic screen only - the deterministic conformance probe has not run on this server
  • - Confidence is reported but not yet calibrated (v1)
  • - Screen reads the tool description, not the live behavior
  • - advisory
  • - registry description only no input schema
  • - screen model 8b

Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.

Own this server? Screen its description →

Embed this badge

A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.

Markdown
[![mcpindex](https://mcpindex.ai/api/v1/badge/io-github-cyanheads-ntfy-mcp-server)](https://mcpindex.ai/server/io-github-cyanheads-ntfy-mcp-server)
HTML
<a href="https://mcpindex.ai/server/io-github-cyanheads-ntfy-mcp-server"><img src="https://mcpindex.ai/api/v1/badge/io-github-cyanheads-ntfy-mcp-server" alt="mcpindex verdict" height="20" /></a>
Environment variables
NTFY_SERVERS

JSON array of `{ baseUrl, authToken? | authUsername?+authPassword? }` entries — one per ntfy server. First entry is the default base. Auth is scoped to the entry's `baseUrl`; per-call `base_url` overrides that match a registered base forward that server's auth. Takes precedence over the single-server NTFY_BASE_URL / NTFY_AUTH_* shorthand.

NTFY_BASE_URL

Single-server shorthand — base URL of the ntfy server (no trailing slash). Used when NTFY_SERVERS is unset.

NTFY_DEFAULT_TOPIC

Topic used when a tool call omits `topic`. Treat the topic name as a secret — anyone who knows it can publish or subscribe.

NTFY_AUTH_TOKEN

Bearer access token (`tk_…`) for the single-server shorthand. Mutually exclusive with NTFY_AUTH_USERNAME / NTFY_AUTH_PASSWORD.

NTFY_AUTH_USERNAME

Basic-auth username for the single-server shorthand — must be set together with NTFY_AUTH_PASSWORD.

NTFY_AUTH_PASSWORD

Basic-auth password for the single-server shorthand — must be set together with NTFY_AUTH_USERNAME.

NTFY_REQUEST_TIMEOUT_MS

Per-request HTTP timeout in milliseconds.

NTFY_MAX_RETRIES

Max retry attempts for transient upstream failures (5xx, network, 429).

MCP_LOG_LEVEL

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').

LOGS_DIR

Directory for file-based logs (Node only; ignored on Workers).

OTEL_ENABLED

Enable OpenTelemetry instrumentation (spans, metrics, completion logs).

NTFY_SERVERS

JSON array of `{ baseUrl, authToken? | authUsername?+authPassword? }` entries — one per ntfy server. First entry is the default base. Auth is scoped to the entry's `baseUrl`; per-call `base_url` overrides that match a registered base forward that server's auth. Takes precedence over the single-server NTFY_BASE_URL / NTFY_AUTH_* shorthand.

NTFY_BASE_URL

Single-server shorthand — base URL of the ntfy server (no trailing slash). Used when NTFY_SERVERS is unset.

NTFY_DEFAULT_TOPIC

Topic used when a tool call omits `topic`. Treat the topic name as a secret — anyone who knows it can publish or subscribe.

NTFY_AUTH_TOKEN

Bearer access token (`tk_…`) for the single-server shorthand. Mutually exclusive with NTFY_AUTH_USERNAME / NTFY_AUTH_PASSWORD.

NTFY_AUTH_USERNAME

Basic-auth username for the single-server shorthand — must be set together with NTFY_AUTH_PASSWORD.

NTFY_AUTH_PASSWORD

Basic-auth password for the single-server shorthand — must be set together with NTFY_AUTH_USERNAME.

NTFY_REQUEST_TIMEOUT_MS

Per-request HTTP timeout in milliseconds.

NTFY_MAX_RETRIES

Max retry attempts for transient upstream failures (5xx, network, 429).

MCP_SESSION_MODE

HTTP session model: 'stateless', 'stateful', or 'auto'.

MCP_HTTP_HOST

The hostname for the HTTP server.

MCP_HTTP_PORT

The port to run the HTTP server on.

MCP_HTTP_ENDPOINT_PATH

The endpoint path for the MCP server.

MCP_AUTH_MODE

Authentication mode to use: 'none', 'jwt', or 'oauth'.

MCP_LOG_LEVEL

Sets the minimum log level for output (e.g., 'debug', 'info', 'warn').

LOGS_DIR

Directory for file-based logs (Node only; ignored on Workers).

OTEL_ENABLED

Enable OpenTelemetry instrumentation (spans, metrics, completion logs).

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
10
installability
25
documentation
15
stability
10
Alternatives in Developer Tools