BountyProof MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| BOUNTYPROOF_CONTACT | Yes | Contact email address | |
| BOUNTYPROOF_DELAY_MS | No | Delay between preflight requests (milliseconds) | 350 |
| BOUNTYPROOF_MAX_URLS | No | Maximum number of discovered URLs | 100 |
| BOUNTYPROOF_WORKSPACE | No | Workspace directory | |
| BOUNTYPROOF_ALLOW_HTTP | No | Allow unencrypted HTTP | false |
| BOUNTYPROOF_KATANA_BIN | No | Path to Katana executable (if not in PATH) | |
| BOUNTYPROOF_NUCLEI_BIN | No | Path to Nuclei executable (if not in PATH) | |
| BOUNTYPROOF_REPORT_DIR | No | Local evidence directory | .bountyproof/reports |
| BOUNTYPROOF_VERIFY_TLS | No | Verify TLS certificates | true |
| BOUNTYPROOF_IMPORT_ROOT | No | Allowed root for HAR, OpenAPI, and Postman files | . |
| BOUNTYPROOF_ALLOWED_PORTS | No | Allowed destination ports | 443 |
| BOUNTYPROOF_ALLOW_PRIVATE | No | Allow non-public IP addresses for lab use | false |
| BOUNTYPROOF_MAX_IMPORT_BYTES | No | Maximum imported surface file size | 20000000 |
| BOUNTYPROOF_NUCLEI_RATE_LIMIT | No | Maximum Nuclei requests per second | 2 |
| BOUNTYPROOF_SECURITYTRAILS_API_KEY | No | Optional historical DNS lookup API key |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| start_sessionA | FIRST TOOL. Ask the user for every field before creating an engagement session; this sends no traffic. |
| scope_checkB | Validate a URL against the active session's in-scope and out-of-scope rules without HTTP traffic. |
| preflight_targetB | Check friction before live testing: stability, latency, redirect, rate limit, and WAF/CDN hints. |
| discover_surfaceC | Use Katana at the session rate limit after scope and preflight gates pass. |
| scan_high_signalB | Run HTTP-only Nuclei high/critical templates under session scope, rules, and rate limit. |
| verify_findingB | Re-run one exact Nuclei template 2-3 times inside the same authorized session. |
| import_surfaceB | Import a local HAR/OpenAPI/Postman file; values are redacted and out-of-scope endpoints are rejected. |
| register_auth_profilesC | Register auth profile metadata and secret environment-variable names; actual credentials are never stored. |
| compare_authorizationB | Replay one imported GET as owner and 1-3 other profiles, twice, without changing IDs or request data. |
| find_origin_candidatesA | Find unverified origin IP candidates using in-scope DNS hints and optional historical DNS; sends no IP traffic. |
| verify_origin_candidateC | After a fresh user decision, compare one HTTPS edge response with one direct-IP response using the target SNI/Host. |
| get_reportC | Load a report only when it belongs to the active engagement session. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/skyxtools/bountyproof-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server