Description
n8n-nodes-hacknotice-mcp
n8n community package: HackNotice MCP Client — connect workflows and AI Agents to tools exposed by HackNotice‘s MCP server using the Model Context Protocol (MCP) over Streamable HTTP.
This package is intentionally separate from n8n-nodes-hacknotice-api (HTTP REST alerts), per n8n community-node publishing rules: MCP tool nodes must not ship in the same npm package as the main HTTP integration.
Relation to n8n’s MCP Client Tool
n8n’s built-in MCP Client Tool sub-node is the reference pattern for exposing MCP tools to AI Agents. This community node is purpose-built for HackNotice:
- It uses HackNotice’s fixed Streamable HTTP
/mcpendpoint. - It authenticates with a HackNotice Integration Key credential.
- It connects only to the AI Agent Tool input.
- It lets users choose whether to expose all MCP tools, only selected tools, all except selected tools, or tools by functional group.
- Third-Party — third-party vendor breach alerts and watchlist management (
hacknoticethirdparty_*) - First-Party — first-party domain breach alerts and watchlist management (
hacknoticefirstparty_*) - End User — end-user credential alerts and watchlist management (
hacknoticeenduser_*) - Research — research phrase and wordpool alerts (
hacknoticeresearch*) - Assessments — vendor security assessments, invites, templates, and data files (
hacknoticeassessment*) - the inbound MCP request,
- outbound HackNotice API requests,
- outbound HackNotice API responses.
give me the alerts from my thirdparty watchlistgive me the alerts from my first party watchlistsearch global breaches for acme.comfind credential leaks for example.comsearch leaked files for Acme spreadsheets- Use a current n8n community nodes–compatible release. This package declares a peer dependency on
n8n-workflow(provided by the host). - For local development with
npm run dev, use Node.js 22+ as recommended by the n8n nodes starter. - If you see
404/Request failed with status code 404: the package name is not published on npm yet (or the name is wrong). This is expected before your firstnpm publish/ GitHub Actions release. - After the package exists on npm, run (optionally pin a version):
Installation
Follow the community nodes installation guide. npm package name: n8n-nodes-hacknotice-mcp.
Credentials
In n8n, create HackNotice MCP API and set Integration Key (per-user secret). You can create or copy an integration key from HackNotice app preferences. The key is sent as X-HackNotice-Integration-Key on every MCP request.
Node Behavior
HackNotice MCP is an AI Agent tool node. It has no regular Main input/output branch and is not intended to be run as a standalone canvas step.
Connect it to an AI Agent node’s Tool input. At execution time it:
1. Fetches the live HackNotice MCP tool catalogue with tools/list.
2. Caches that catalogue per Integration Key for 5 minutes.
3. Exposes the configured tool set to the AI Agent.
4. Executes requested tools through MCP tools/call.
The node includes the execute() implementation required by n8n’s v3 AI Agent engine, so tool calls are recorded in n8n executions and the node turns green when invoked.
AI Agent Usage
Create a workflow like:
1. When chat message received
2. OpenAI Chat Model connected to the AI Agent’s Chat Model input
3. AI Agent
4. HackNotice MCP connected to the AI Agent’s Tool input
Use Tools to Expose to control which MCP tools are available to the AI Agent.
Tools to Expose
| Mode | Behavior |
| ———————– | ————————————————————————– |
| All | Exposes the full live MCP catalogue. This is the default. |
| Selected | Exposes only the tools selected in Tools to Include. |
| All Except Selected | Exposes every live MCP tool except those selected in Tools to Exclude. |
| By Group | Exposes tools from the functional groups selected in Tool Groups. |
The Tools to Include and Tools to Exclude fields load their options from the live HackNotice MCP server with tools/list, so they stay aligned with the server catalogue.
By Group
Tool Groups is a fixed, multi-select list of HackNotice’s functional tool families — pick one or more:
General/search tools that don’t belong to a single group (credential verification, saved searches, and the global breach/exposure/chatter/leaked-file/correlated-leak search tools) are always exposed in By Group mode, regardless of which groups are selected, since an agent typically needs search capability no matter which functional area it’s working in.
Debug Mode
Turn on Debug Mode in the HackNotice MCP node to force debug: true on every MCP tool call.
When enabled, tool responses include _debug with redacted request/response trace data from:
This is useful for validating the full flow from n8n prompt to MCP server to HackNotice API.
Prompting Tips
Examples:
For best results with the AI Agent, expose only the tool families needed by your workflow. For example, a third-party alert workflow can use Selected mode with hacknoticethirdparty_alerts and watchlist tools.
The built-in MCP Client Tool route can also connect to HackNotice’s endpoint if you prefer the generic n8n MCP node:
| Setting | Value |
| —————- | ————————————– |
| Endpoint | https://mcp.hacknotice.com:13330/mcp |
| Transport | HTTP Streamable |
| Authentication | Header Auth |
| Header name | X-HackNotice-Integration-Key |
| Header value | Your HackNotice integration key |
| Tools to Include | Selected or All |
Example workflows
| Workflow | File | Purpose |
| ———————————————— | —————————————————————————————————- | ——————————————————– |
| Community node review (submit to boss / n8n) | examples/community-node-review.workflow.json | Basic reviewer workflow for confirming package setup |
| AI Agent (chat) | examples/ai-agent-mcp-client-tool.workflow.json | Chat + AI Agent + HackNotice MCP connected as an AI tool |
See SUBMISSION.md for reviewer steps and checklist.
Quick Smoke Test
1. Add When chat message received.
2. Add AI Agent and connect an OpenAI-compatible Chat Model.
3. Add HackNotice MCP and connect it to the AI Agent Tool input.
4. Attach HackNotice MCP API credentials.
5. Keep Tools to Expose set to All, or choose Selected and include the tools you want the agent to use.
6. Send a prompt that maps to one of the exposed tools, for example: search global breaches for acme.com.
The HackNotice MCP node should appear as executed in the n8n execution log when the agent calls a tool.
Compatibility
Verification checklist (n8n Cloud)
This package is structured to align with Community node verification guidelines:
| Guideline | How this package complies |
| ———————————- | —————————————————————————————————————————————————————————————————————————— |
| n8n-node tool | Scaffolded and maintained with @n8n/node-cli; run npm run lint and npm run build before release. |
| Node types | Not a duplicate of a built-in node; not generic flow-control. One third-party surface: HackNotice MCP (HTTP node for REST alerts lives in n8n-nodes-hacknotice-api). |
| Package source | Public GitHub: HackNotice/n8n-nodes-hacknotice-mcp. package.json repository, homepage, and npm metadata should match that repo and maintainer. |
| MIT license | See LICENSE.md. |
| Provenance (May 2026+) | Publish via GitHub Actions with npm provenance — see .github/workflows/publish.yml. |
| No runtime dependencies | dependencies in package.json is empty; only n8n-workflow is listed as a peer (supplied by n8n). |
| Documentation | This README, credential descriptions in the editor, and links to HackNotice / MCP / n8n docs below. |
| No env / filesystem for config | Node logic does not read process.env or read/write the host filesystem for configuration; only n8n parameters and stored credentials are used. Outbound traffic uses n8n’s HTTP helpers to the fixed MCP URL above. |
| English | UI copy and this README are in English. |
@n8n/scan-community-package (registry scan)
That CLI always downloads your package from the npm registry: it loads the package metadata, then runs npm pack and ESLint on the unpacked tarball.
npx @n8n/scan-community-package n8n-nodes-hacknotice-mcp
# or, e.g.:
npx @n8n/scan-community-package n8n-nodes-hacknotice-mcp@1.0.0
npm run lint and npm run build (via @n8n/node-cli), which align with n8n’s verification expectations.Submitting for verification
Publishing with GitHub Actions
Releases are published to npm from the Publish workflow when a version tag is pushed (for example v1.0.2 from release-it).
1. One-time npm setup (pick one)
– Trusted publishing (recommended): On npmjs.com → package Settings → Trusted Publishers → add GitHub Actions with repository HackNotice/n8n-nodes-hacknotice-mcp and workflow file publish.yml. Leave the NPM_TOKEN repo secret unset.
– Token fallback: Create a granular Read and write token for this package, then add repo secret NPM_TOKEN in GitHub (Settings → Secrets and variables → Actions).
2. Cut a release (from a clean main with upstream set): run npm run release, choose the version, and let release-it commit, tag, and push. The tag push triggers the workflow; in CI, n8n-node release runs lint, build, and npm publish with provenance.
3. Re-run a failed publish without a new version: Actions → Publish → Run workflow, select the tag you want to publish (must match version in package.json on that commit), then run.
See Trusted publishing for npm packages and the comments in .github/workflows/publish.yml.
Development
Uses @n8n/node-cli like the official starter:
npm install
npm run dev
npm run lint
npm run build
License
MIT — see LICENSE.md.