HackerOne MCP Server

HackerOne MCP Server

Enables MCP clients like Claude and Codex to interact with HackerOne's API to list and get reports, programs, and scopes.

Category
Visit Server

README

HackerOne MCP Server

An MCP (Model Context Protocol) server that connects Claude, Codex, and other MCP clients to the HackerOne Hackers API.

Tools Available

Tool Description
h1_list_reports List your reports, filterable by program, state, severity, page
h1_get_report Get full details of a specific report by ID
h1_get_program_scopes Get in-scope and out-of-scope assets for a program
h1_get_program Get program details (policy, bounties, response stats)
h1_list_programs List programs you have access to

Setup

1. Install dependencies

cd hackerone-mcp
npm install

2. Get your HackerOne API credentials

  1. Go to https://hackerone.com/settings/api_token/edit
  2. Create a new API token
  3. Note your username and the generated token

Configuration

Claude Desktop

Edit your Claude Desktop config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "hackerone": {
      "command": "node",
      "args": ["/absolute/path/to/hackerone-mcp/index.js"],
      "env": {
        "HACKERONE_API_USERNAME": "your_api_token_identifier",
        "HACKERONE_API_TOKEN": "your_api_token"
      }
    }
  }
}

Restart Claude Desktop after saving.


Claude Code (CLI)

Run once to add the MCP server to your Claude Code config:

claude mcp add hackerone \
  -e HACKERONE_API_USERNAME=your_api_token_identifier \
  -e HACKERONE_API_TOKEN=your_api_token \
  -- node /absolute/path/to/hackerone-mcp/index.js

Or set credentials as shell environment variables first:

export HACKERONE_API_USERNAME=your_api_token_identifier
export HACKERONE_API_TOKEN=your_api_token

claude mcp add hackerone -- node /absolute/path/to/hackerone-mcp/index.js

Verify it's registered:

claude mcp list

Codex CLI

Run once to add the MCP server to Codex:

codex mcp add hackerone \
  --env HACKERONE_API_USERNAME=your_api_token_identifier \
  --env HACKERONE_API_TOKEN=your_api_token \
  -- node /absolute/path/to/hackerone-mcp/index.js

Or configure it directly in config.toml:

  • macOS/Linux: ~/.codex/config.toml
  • Windows: %USERPROFILE%\.codex\config.toml
[mcp_servers.hackerone]
command = "node"
args = ["/absolute/path/to/hackerone-mcp/index.js"]

[mcp_servers.hackerone.env]
HACKERONE_API_USERNAME = "your_api_token_identifier"
HACKERONE_API_TOKEN = "your_api_token"

Verify it's registered:

codex mcp list

In Codex TUI, run /mcp to view active MCP servers.


Other MCP Clients (generic stdio)

Pass the environment variables when launching:

HACKERONE_API_USERNAME=your_api_token_identifier \
HACKERONE_API_TOKEN=your_api_token \
node /path/to/hackerone-mcp/index.js

Or configure your client's MCP settings with:

  • command: node
  • args: ["/path/to/hackerone-mcp/index.js"]
  • env: { "HACKERONE_API_USERNAME": "...", "HACKERONE_API_TOKEN": "..." }

Example prompts

Once connected, you can ask your MCP client (Claude, Codex, etc.) things like:

  • "List my open HackerOne reports"
  • "Show me all critical severity reports"
  • "Get the full details of report 12345"
  • "What's in scope for the nodejs program?"
  • "Show me the policy and bounty info for the security program"
  • "List all programs I have access to"

Security Notes

  • Never hardcode your API token in the source files
  • Always use environment variables or your client's secrets manager
  • Your API token provides full access to your HackerOne account — treat it like a password

Reliability settings (optional)

If you see intermittent failures (timeouts, 429 rate limits, transient 5xx), you can tune these environment variables:

  • HACKERONE_TIMEOUT_MS (default: 20000) — per-request timeout
  • HACKERONE_MAX_RETRIES (default: 2) — retries for 429/5xx and transient network errors
  • HACKERONE_RETRY_BASE_DELAY_MS (default: 400) — initial backoff delay
  • HACKERONE_RETRY_MAX_DELAY_MS (default: 4000) — maximum backoff delay

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured