HackerOne MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| H1_USERNAME | Yes | Your HackerOne username used for API authentication. | |
| H1_API_TOKEN | Yes | Your HackerOne API token generated from HackerOne > Settings > API Token. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| search_reportsB | Search and list your HackerOne reports. Filter by keyword, program, severity, or state. Great for finding past reports to reference when drafting new ones. |
| get_reportA | Get the full details of a specific HackerOne report by ID. Returns title, vulnerability details, impact, severity, CVSS, timestamps, and program info. |
| get_report_with_conversationB | Get a report with its full triage conversation. Useful for understanding what questions triage asked, how you responded, and what led to resolution. Great for learning what works. |
| get_report_activitiesA | Get the activity timeline of a report: comments, state changes, bounty awards, and triage responses. |
| list_programsC | List bug bounty programs you have access to on HackerOne. |
| analyze_report_patternsB | Fetch your recent reports and analyze patterns: most common vulnerability types, severity distribution, resolution rates, and programs. Useful for understanding your hunting profile. |
| get_program_scopeA | Get the in-scope assets for a bug bounty program. Returns asset types, identifiers, bounty eligibility, and severity caps. Useful when drafting reports to pick the correct asset. |
| get_program_weaknessesB | Get the accepted vulnerability/weakness types for a program. Helps frame reports using the right CWE categories the program cares about. |
| get_earningsC | Get your bounty earnings history. Shows amounts, currency, dates, and which programs paid out. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sicks3c/hackerone-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server