MCP Servers

BugcrowdMCP

A high-performance Model Context Protocol server that provides secure, tool-based access to the Bugcrowd API, allowing for natural language interaction with bug bounty programs through various AI agent platforms.

Tools

get_organizations

List all organizations accessible to the authenticated user.

get_programs

List all bug bounty programs available to the authenticated user.

get_monetary_rewards

List all monetary rewards for bug bounty submissions.

get_monetary_reward

Get detailed information about a specific monetary reward.

get_organization

Get detailed information about a specific organization by ID.

get_program

Get detailed information about a specific bug bounty program.

get_submissions

List all bug submissions/vulnerability reports accessible to the user.

get_submission

Get detailed information about a specific vulnerability submission.

create_submission

Create a new bug submission/vulnerability report.

get_reports

List all reports (alternative endpoint to submissions with different data structure).

update_submission

Update an existing vulnerability submission.

get_report

Get detailed information about a specific report.

get_customer_assets

List all customer assets that are in scope for security testing.

get_customer_asset

Get detailed information about a specific customer asset.

delete_organization_member

Delete a member from an organization.

get_users

List all users in the organization or program scope.

get_user

Get detailed information about a specific user.

create_access_invitation

Create a new access invitation.

create_claim_ticket

Create a new claim ticket.

create_comment

Create a new comment on a submission.

create_monetary_reward

Create a new monetary reward for a submission.

create_team

Create a new team within an organization.

create_team_role

Create a new role for a team.

delete_access_invitation

Delete an access invitation.

delete_organization_program_role

Delete a program role from an organization.

delete_team

Delete a team.

delete_team_role

Delete a role from a team.

get_access_invitations

List all access invitations.

get_authentication_logs

List all authentication logs.

get_authorization_logs

List all authorization logs.

get_disclosure_requests

List all disclosure requests.

get_engagement

Get detailed information about a specific engagement.

get_engagements

List all engagements.

delete_team_member

Delete a member from a team.

get_organization_member

Get detailed information about a specific organization member.

get_organization_members

List all members of an organization.

get_organization_program_roles

List all program roles for an organization.

get_submission_activities

List all activities for a submission.

get_submission_comments

List all comments for a submission.

get_targets

List all targets.

get_team

Get detailed information about a specific team.

get_team_member

Get detailed information about a specific team member.

get_team_members

List all members of a team.

get_teams

List all teams in an organization.

update_monetary_reward

Update an existing monetary reward.

update_organization_member_role

Update the role of an organization member.

help

Get detailed help and documentation for Bugcrowd MCP tools.

server_health

Check the health status of the MCP server and API connectivity.

README

BugcrowdMCP: Server & Agents for the Bugcrowd API

A high-performance MCP (Model Context Protocol) server that provides secure, tool-based access to the Bugcrowd API, allowing for natural language interaction through various AI agent platforms.

Features

Broad API Coverage: Provides tools for interacting with Organizations, Programs, Submissions, Assets, and more.
Multi-Agent Support: Includes ready-to-use agents for OpenAI, Anthropic (Claude), Google (Gemini), and FastMCP.
Extensible & Customizable: Easily switch between AI providers, configure different models, and integrate with platform-specific CLIs.
Secure: Uses environment variables for API credentials and performs input validation.
Dynamic Help: Includes a help() tool that provides real-time documentation for all available tools.

Quick Start

This guide will get you up and running with the default agent (openai).

1. Prerequisites

Python 3.10+
uv for package installation.

2. Installation

Clone the repository, create a virtual environment, and install dependencies.

git clone https://github.com/unstrike/Bugcrowd_MCP_Server.git
cd Bugcrowd_MCP_Server

# Create and activate virtual environment
uv venv
source .venv/bin/activate

# Install dependencies
uv sync

3. Configuration

Export your Bugcrowd and OpenAI API credentials as environment variables.

export BUGCROWD_API_USERNAME="your-username"
export BUGCROWD_API_PASSWORD="your-password"
export OPENAI_API_KEY="your-openai-api-key"

4. Run the Agent

Start the interactive agent.

uv run python -m bugcrowd_agents.agent_orchestrator

You can now interact with the Bugcrowd API using natural language.

Example Prompts:

"Show me available bug bounty programs"
"What are the 5 most recent vulnerability submissions?"
"Use the help tool to see all available commands"

Advanced Usage

Switching Agents

The true power of this server lies in its flexibility. You can easily switch between supported AI platforms by setting the AGENT_PLATFORM environment variable.

Supported platforms: openai (default), claude, gemini, fastmcp.

Remember to set the appropriate API key for the agent you choose.

Example: Running the Gemini Agent

# 1. Set the API key for Google
export GOOGLE_AI_API_KEY="your-gemini-api-key"

# 2. Run the orchestrator with the AGENT_PLATFORM variable
AGENT_PLATFORM=gemini uv run python -m bugcrowd_agents.agent_orchestrator

Example: Running the Claude Agent

export ANTHROPIC_API_KEY="your-claude-api-key"
AGENT_PLATFORM=claude uv run python -m bugcrowd_agents.agent_orchestrator

Using the FastMCP Agent

The fastmcp agent is a versatile client that can use different LLM backends. Configure it by setting the FASTMCP_PROVIDER environment variable.

Supported providers: anthropic (default), google, openai.

Example: Running FastMCP with the Google (Gemini) Backend

# 1. Set the API key for the desired backend
export GOOGLE_AI_API_KEY="your-gemini-api-key"

# 2. Set the platform and provider, then run
AGENT_PLATFORM=fastmcp FASTMCP_PROVIDER=google uv run python -m bugcrowd_agents.agent_orchestrator

Customizing Agent Models

You can override the default models for each agent by setting environment variables:

Claude: CLAUDE_MAIN_MODEL, CLAUDE_SUMMARY_MODEL
Gemini: GEMINI_MAIN_MODEL, GEMINI_SUMMARY_MODEL
OpenAI: OPENAI_MODEL

Available Tools

The server provides the following tools. For detailed parameter information, run the agent and use the help() tool (e.g., help('get_submission')).

Category	Tool	Description
Organizations	`get_organizations`	List all accessible organizations
	`get_organization`	Get specific organization details
Programs	`get_programs`	List bug bounty programs
	`get_program`	Get specific program details
Submissions	`get_submissions`	List vulnerability submissions
	`get_submission`	Get specific submission details
	`create_submission`	Create a new vulnerability report
	`update_submission`	Update an existing submission
	`create_comment`	Add a comment to a submission
Teams	`get_teams`	List all teams in an organization
	`create_team`	Create a new team
	`delete_team`	Delete a team
Rewards	`get_monetary_rewards`	List bounty rewards
	`create_monetary_reward`	Create a new monetary reward
	`update_monetary_reward`	Update an existing monetary reward
Users	`get_users`	List users in an organization
	`get_user`	Get specific user details
Health	`server_health`	Check server and API connectivity
Help	`help`	Get detailed help for any tool

Direct Integration

For integration with platform-specific CLIs (bypassing the included agent handlers), use the provided configuration templates.

For OpenAI (codex): Use docs/config.toml.
For Gemini, Claude, etc.: Use docs/config.json.

Instructions:

Copy the appropriate template file to your tool's configuration directory (e.g., ~/.codex/config.toml).
In the copied file, update the cwd variable to the absolute path of the Bugcrowd_MCP_Server project directory.

Documentation

API Reference: A static reference for all tool and endpoint details.
Architecture Diagram: An overview of the system architecture.
Bugcrowd REST API: The official API documentation that this server is built upon.

For more detailed information on MCP server configuration, refer to the official documentation for your platform:

OpenAI: Codex MCP Server Configuration
Google Gemini: Configure MCP Servers
Anthropic Claude: MCP for Claude
FastMCP: JSON Configuration and Running a Server

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

E2B

Using MCP to run code via e2b.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured