How to Use the HackerOne MCP in Claude Code

Q: How do I add the HackerOne MCP Server to Claude Code?

Run the claude mcp add command with your HTTP or stdio parameters. Claude Code will save the configuration in your local JSON settings and load the tools instantly.

Q: Does Claude Code support HackerOne bounty payments?

Yes, Claude Code can execute the awardbounty tool to pay researchers from your command line. It can also query listpayments to check historical transactions first.

Q: Can I check program details from the CLI?

Yes, Claude Code uses listprograms to display all the security programs you manage. You can quickly view program rules and scopes without opening a web browser.

Run HackerOne triage, post updates, and issue bounties directly from your terminal using Claude Code.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect HackerOne MCP to Claude Code

Create your Vinkius account to connect HackerOne to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup HackerOne with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Pipe HackerOne reports directly into your terminal tools

The `list_reports` tool lets Claude Code fetch pending submissions straight to your command line. You can pipe this data into grep, jq, or local scripts to filter findings by severity or asset type. Claude Code reads the raw JSON payloads, summarizes the impact, and lets you update the state using `change_report_state` without leaving your shell. It is built for speed and keyboard-driven security workflows.

Monitor public disclosures using Claude Code

The `list_hacktivity` tool allows Claude Code to fetch the latest public activity from the HackerOne feed. You can track trending vulnerabilities and security disclosures directly from your terminal session. The agent parses the feed to identify common attack vectors or bug patterns. This helps you proactively search your own codebase for similar issues before researchers find them.

Audit security assets with the HackerOne MCP Server

This MCP Server exposes the `list_assets` and `get_program` tools so Claude Code can audit your attack surface from the CLI. The agent pulls your active targets and maps them against your local asset inventory. You can quickly verify which domains or repositories are in scope. Claude Code runs these checks in seconds, making it easy to keep your program definitions accurate.

Setup guide

Set up HackerOne MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see hackerone-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest HackerOne transactions." It will automatically discover and invoke the available HackerOne tools.

Terminal

claude mcp add --transport http hackerone-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the HackerOne MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "hackerone-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HackerOne. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HackerOne now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HackerOne MCP in Claude Code

Run the `claude mcp add` command with your HTTP or stdio parameters. Claude Code will save the configuration in your local JSON settings and load the tools instantly.

Yes, you can combine Claude Code with terminal commands to script report updates. The agent uses `list_reports` and `add_report_comment` to automate routine communication.

Yes, Claude Code can execute the `award_bounty` tool to pay researchers from your command line. It can also query `list_payments` to check historical transactions first.

Yes, Claude Code uses `list_programs` to display all the security programs you manage. You can quickly view program rules and scopes without opening a web browser.

Your vulnerability reports and payment history are fetched over encrypted connections using your local API token. Claude Code processes this data locally in your terminal session, keeping your private findings secure.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript