How to Use the Bugcrowd MCP in Claude Code

Q: How do I add the Bugcrowd MCP Server to Claude Code?

Run claude mcp add --transport http bugcrowd -- in your terminal. This registers the MCP configuration in your local file.

Q: Can Claude Code create new Bugcrowd submissions?

Yes, Claude Code uses the createsubmission tool to file new bugs. You can pass raw markdown logs or terminal output directly to the agent to generate the report.

Q: How does Claude Code list active Bugcrowd engagements?

The agent runs listengagements to fetch all crowdsourced tests. It can then pipe this list to local shell utilities or display the details directly in your terminal.

Q: Can I fetch specific target metadata?

The gettarget tool retrieves detailed scope parameters for any asset. You can ask the agent to check if a specific host is listed under the target parameters.

Query Bugcrowd programs and pipe vulnerability data directly into your terminal with Claude Code.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Bugcrowd MCP to Claude Code

Create your Vinkius account to connect Bugcrowd to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Bugcrowd with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Manage security programs via Bugcrowd MCP Server

The `list_programs` tool fetches all active security programs directly into your Claude Code terminal. This MCP Server parses this output, letting you search, filter, and inspect program rules without opening a browser. This speeds up command-line reconnaissance. You can pipe the list of active programs directly into other terminal tools or ask Claude Code to summarize the scope of a specific program using `get_program`.

Track vulnerability submissions in your terminal

The `list_submissions` tool retrieves all pending and resolved vulnerability reports directly inside Claude Code. Your terminal agent can quickly grep through these submissions to find duplicates or track triage progress. If you need to drill down, the agent invokes `get_submission` to show the full activity log. This keeps your entire vulnerability management workflow keyboard-driven.

Verify scoped targets via shell commands

The `list_targets` tool returns all scoped assets directly to your Claude Code shell. Claude Code uses this data to verify if an IP address or domain is authorized for testing before you run any active scans. By calling `get_target`, the agent retrieves specific asset metadata. This prevents accidental out-of-scope testing by keeping the target list right in your terminal context.

Setup guide

Set up Bugcrowd MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see bugcrowd-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest Bugcrowd transactions." It will automatically discover and invoke the available Bugcrowd tools.

Terminal

claude mcp add --transport http bugcrowd-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the Bugcrowd MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "bugcrowd-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Bugcrowd. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Bugcrowd now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Bugcrowd MCP in Claude Code

Run `claude mcp add --transport http bugcrowd -- ` in your terminal. This registers the MCP configuration in your local file.

Yes, Claude Code uses the `create_submission` tool to file new bugs. You can pass raw markdown logs or terminal output directly to the agent to generate the report.

The agent runs `list_engagements` to fetch all crowdsourced tests. It can then pipe this list to local shell utilities or display the details directly in your terminal.

The `get_target` tool retrieves detailed scope parameters for any asset. You can ask the agent to check if a specific host is listed under the target parameters.

Your program scope and target assets are queried via secure, encrypted HTTPS requests through the Vinkius MCP sandbox. No credentials or vulnerability data are logged or stored on external servers during terminal execution.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript