4,500+ servers built on MCP Fusion
Vinkius
HackerOne logo
Vinkius
Mastra AI logo

How to Use the HackerOne MCP in Mastra AI

Build resilient HackerOne triage agents with Mastra AI workflows that handle retries and conditional payout logic.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

HackerOne MCP on Cursor AI Code Editor MCP Client HackerOne MCP on Claude Desktop App MCP Integration HackerOne MCP on OpenAI Agents SDK MCP Compatible HackerOne MCP on Visual Studio Code MCP Extension Client HackerOne MCP on GitHub Copilot AI Agent MCP Integration HackerOne MCP on Google Gemini AI MCP Integration HackerOne MCP on Lovable AI Development MCP Client HackerOne MCP on Mistral AI Agents MCP Compatible HackerOne MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Mastra AI

Connect HackerOne MCP to Mastra AI

Create your Vinkius account to connect HackerOne to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup HackerOne with Mastra AI
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Automate HackerOne Triage Workflows with Mastra AI

The `list_reports` tool feeds raw HackerOne bug submissions directly into Mastra AI workflow pipelines for automated initial classification. Our framework evaluates the severity of the incoming HackerOne report and determines whether to escalate it immediately.

Resilient Bounty Payouts with Retries

The `award_bounty` tool executes financial transactions on HackerOne with the safety net of Mastra AI's built-in exponential backoff engine. If the HackerOne API experiences a temporary rate limit, the Mastra AI workflow automatically retries the payout.

Multi-Step Asset Auditing via MCP Server

The `list_assets` tool pulls your registered scope from HackerOne to cross-reference incoming bug reports in Mastra AI. Mastra AI can run a conditional branch to check if the reported HackerOne endpoint actually belongs to your official attack surface.

Setup guide

Set up HackerOne MCP in Mastra AI

Prerequisites

  • Node.js 18+ and a TypeScript project
  • @mastra/mcp + @mastra/core packages
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).

  2. 2

    Configure the MCPClient

    Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. 3

    Discover and inject tools

    Call mcpClient.listTools() and spread the result into your agent's tools object. All HackerOne tools become native Mastra tools.

  4. 4

    Run with any model

    Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts 
import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "hackerone-mcp-client",
  servers: {
    "hackerone-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "HackerOne Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to HackerOne tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent HackerOne transactions"
);
console.log(result.text);
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HackerOne. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HackerOne now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HackerOne MCP in Mastra AI

The Mastra AI framework manages rate limits on calls like `list_reports` or `get_report` by applying exponential backoff to HackerOne API requests. This prevents your workflows from breaking during high-traffic bug disclosures.
Yes, you can set `requireToolApproval` on the Mastra AI agent when calling the HackerOne `change_report_state` tool. This halts the workflow and sends a notification to your team, waiting for a manual click before updating the ticket.
Install `@mastra/mcp` and instantiate the MCP client using the Vinkius server URL to expose HackerOne tools to your Mastra AI agent. You then spread these tools directly into your agent's configuration object.
Yes, by calling `list_programs` and `get_program`, your agent can discover and monitor every active security scope you manage. The workflow engine can loop through these programs sequentially to aggregate open vulnerabilities.
Your HackerOne API token is stored securely on Vinkius, allowing your Mastra AI runtime to fetch reports without exposing sensitive credentials. The MCP server processes only the filtered vulnerability data your agent requests.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the HackerOne MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for HackerOne. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.