Access HackerOne reports, programs, and scopes through AI clients.
This tool is described as interacting with the HackerOne API to list and retrieve reports, programs, and scopes. It is open source under MIT, but documentation is sparse, adoption is low, and the system flags code execution capability, so the overall posture is caution rather than clear high risk.
The materials claim no keys or environment variables are required, but accessing the HackerOne API would normally involve account sessions, browser login state, or another authentication path. With no documentation, the real auth flow is unclear, so verify whether it indirectly uses locally available credentials.
The description explicitly says it interacts with the HackerOne API, so normal outbound network requests should be expected. Specific hostnames are not disclosed, which limits transparency, but there is no clear red flag here showing exfiltration to unrelated or unknown third parties.
The objective checks flag executes-code, indicating this MCP tool can run code or processes locally. That is a common capability for this class of tool, and the materials do not show requests for privileges clearly beyond its stated purpose.
By description, it mainly accesses HackerOne reports, programs, and scope data, which may include sensitive vulnerability information. The materials do not state whether it reads/writes local files, caches data, or accesses additional resources, so data boundaries are unclear, but there is no explicit evidence of overbroad access.
Positive signals include public source code and an MIT license, which support auditability. However, it comes from a third-party registry, has 0 stars, unknown maintenance status, and no README, so maturity and maintenance signals are weak and the code and dependencies should be reviewed directly.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "HackerOne MCP Server" yet — see the docs or source repo.
List my 10 most recent HackerOne reports and show the title, severity, status, and submission time for each.
A structured list of recent vulnerability reports for quick review and status tracking.
Get the scope for a specific HackerOne program, organize it into in-scope and out-of-scope sections, and label key asset types.
A clear scope summary showing testable assets and program restrictions.
List the HackerOne programs I can access and summarize them by name, type, and public availability.
A program inventory that helps prioritize targets and plan follow-up testing.
Automate penetration testing, vulnerability validation, and exploitation analysis with AI tools.
Analyze AI security, scan vulnerabilities, and monitor code leaks efficiently.
Use natural language to search exploits, manage sessions, and run penetration tests.
Connect to ONE ERP to query models, data, and business logic autonomously.
Manage GitHub repositories, pull requests, issues, and workflows with natural language.
Discover APIs from codebases, run tests, and generate role-based QA audit reports.