get_program_weaknesses
Identify accepted vulnerability types for a HackerOne program to ensure reports use correct CWE categories the program prioritizes.
Instructions
Get the accepted vulnerability/weakness types for a program. Helps frame reports using the right CWE categories the program cares about.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| program_handle | Yes | Program handle (e.g. 'uber', 'ipc-h1c-aws-tokyo-2026') | |
| page_size | No | Number of weaknesses to return (default 100) |
Implementation Reference
- src/h1client.ts:267-278 (handler)The actual logic implementation that fetches weaknesses for a specific program handle.
export async function getProgramWeaknesses(handle: string, pageSize = 100) { const data = await h1Fetch(`/hackers/programs/${handle}/weaknesses`, { "page[size]": String(pageSize), }); return data.data.map((w: any) => ({ id: w.id, name: w.attributes.name, description: w.attributes.description, external_id: w.attributes.external_id, })); } - src/index.ts:309-341 (registration)Tool registration and schema definition for 'get_program_weaknesses' in the MCP server.
server.tool( "get_program_weaknesses", "Get the accepted vulnerability/weakness types for a program. Helps frame reports using the right CWE categories the program cares about.", { program_handle: z .string() .describe("Program handle (e.g. 'uber', 'ipc-h1c-aws-tokyo-2026')"), page_size: z .number() .min(1) .max(100) .optional() .describe("Number of weaknesses to return (default 100)"), }, async ({ program_handle, page_size }) => { try { const weaknesses = await getProgramWeaknesses(program_handle, page_size); return { content: [ { type: "text" as const, text: JSON.stringify(weaknesses, null, 2), }, ], }; } catch (err: any) { return { content: [{ type: "text" as const, text: `Error: ${err.message}` }], isError: true, }; } } );