Skip to main content
Glama
skyxtools

BountyProof MCP

by skyxtools

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
BOUNTYPROOF_CONTACTYesContact email address
BOUNTYPROOF_DELAY_MSNoDelay between preflight requests (milliseconds)350
BOUNTYPROOF_MAX_URLSNoMaximum number of discovered URLs100
BOUNTYPROOF_WORKSPACENoWorkspace directory
BOUNTYPROOF_ALLOW_HTTPNoAllow unencrypted HTTPfalse
BOUNTYPROOF_KATANA_BINNoPath to Katana executable (if not in PATH)
BOUNTYPROOF_NUCLEI_BINNoPath to Nuclei executable (if not in PATH)
BOUNTYPROOF_REPORT_DIRNoLocal evidence directory.bountyproof/reports
BOUNTYPROOF_VERIFY_TLSNoVerify TLS certificatestrue
BOUNTYPROOF_IMPORT_ROOTNoAllowed root for HAR, OpenAPI, and Postman files.
BOUNTYPROOF_ALLOWED_PORTSNoAllowed destination ports443
BOUNTYPROOF_ALLOW_PRIVATENoAllow non-public IP addresses for lab usefalse
BOUNTYPROOF_MAX_IMPORT_BYTESNoMaximum imported surface file size20000000
BOUNTYPROOF_NUCLEI_RATE_LIMITNoMaximum Nuclei requests per second2
BOUNTYPROOF_SECURITYTRAILS_API_KEYNoOptional historical DNS lookup API key

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
start_sessionA

FIRST TOOL. Ask the user for every field before creating an engagement session; this sends no traffic.

scope_checkB

Validate a URL against the active session's in-scope and out-of-scope rules without HTTP traffic.

preflight_targetB

Check friction before live testing: stability, latency, redirect, rate limit, and WAF/CDN hints.

discover_surfaceC

Use Katana at the session rate limit after scope and preflight gates pass.

scan_high_signalB

Run HTTP-only Nuclei high/critical templates under session scope, rules, and rate limit.

verify_findingB

Re-run one exact Nuclei template 2-3 times inside the same authorized session.

import_surfaceB

Import a local HAR/OpenAPI/Postman file; values are redacted and out-of-scope endpoints are rejected.

register_auth_profilesC

Register auth profile metadata and secret environment-variable names; actual credentials are never stored.

compare_authorizationB

Replay one imported GET as owner and 1-3 other profiles, twice, without changing IDs or request data.

find_origin_candidatesA

Find unverified origin IP candidates using in-scope DNS hints and optional historical DNS; sends no IP traffic.

verify_origin_candidateC

After a fresh user decision, compare one HTTPS edge response with one direct-IP response using the target SNI/Host.

get_reportC

Load a report only when it belongs to the active engagement session.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/skyxtools/bountyproof-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server