HackerOne FAQs

Question 1

Can I submit or modify HackerOne reports using this server?

Accepted Answer

No, this tool is strictly read-only. It cannot be used to submit new reports, modify existing ones, or delete any data on the HackerOne platform. Its purpose is solely for analysis and data retrieval.

Question 2

How do I set up the HackerOne MCP Server with Claude Code?

Accepted Answer

After cloning the GitHub repository and building the project, you can add it to Claude Code using the `claude mcp add hackerone` command, specifying your HackerOne username and API token as environment variables, or by manually configuring your `~/.claude.json` file.

Question 3

What is the HackerOne MCP Server?

Accepted Answer

The HackerOne MCP Server is an unofficial, community-built tool that provides live, read-only access to your HackerOne reports, programs, earnings, and scope data via the HackerOne API. It's designed for integration with Claude Code or any other MCP (Multi-Cloud Platform) client.

Question 4

Is my HackerOne API token secure when using this tool?

Accepted Answer

Yes, your HackerOne API token is secure. The tool runs locally over stdio, meaning your credentials never leave your machine. It connects directly to the HackerOne Hacker API v1 from your local environment.

Question 5

What kind of HackerOne data can I access?

Accepted Answer

You can search and filter your reports, retrieve full report details including triage conversations and activity timelines, list available bug bounty programs, analyze your personal bug hunting patterns, view program in-scope assets and accepted weaknesses, and track your bounty earnings history.

HackerOne

HackerOne

Key Features

Use Cases

Key Features

Use Cases