4,500+ servers built on MCP Fusion
Vinkius
HackerOne logo
Vinkius
Windsurf logo

How to Use the HackerOne MCP in Windsurf

Let Windsurf autonomously triage submissions, post updates, and trigger bounty payouts without manual step-by-step prompting.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

HackerOne MCP on Cursor AI Code Editor MCP Client HackerOne MCP on Claude Desktop App MCP Integration HackerOne MCP on OpenAI Agents SDK MCP Compatible HackerOne MCP on Visual Studio Code MCP Extension Client HackerOne MCP on GitHub Copilot AI Agent MCP Integration HackerOne MCP on Google Gemini AI MCP Integration HackerOne MCP on Lovable AI Development MCP Client HackerOne MCP on Mistral AI Agents MCP Compatible HackerOne MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Windsurf

Connect HackerOne MCP to Windsurf

Create your Vinkius account to connect HackerOne to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup HackerOne with Windsurf
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Automate triage via the HackerOne MCP Server

This MCP Server exposes the `list_reports` and `get_report` tools so your Cascade agent can scan incoming vulnerability submissions without human intervention. Cascade reads the raw text, analyzes the impact, and drafts a technical summary. Once the analysis is done, Cascade uses `change_report_state` to move the ticket to triaged or closed. You do not have to prompt every step. Windsurf chains these tools together to keep your queue clean.

Draft and post researcher updates in Windsurf

The `add_report_comment` tool lets Windsurf write directly to the researcher on the ticket. Cascade analyzes the finding, checks your program policies, and posts the exact next steps or requests for more information. Cascade handles the back-and-forth while you focus on fixing the actual bugs. It reads the researcher's replies and updates the internal thread, keeping everyone in sync.

Trigger bounty payments directly from Windsurf

The `award_bounty` tool allows Windsurf to queue up and execute financial rewards based on severity. Cascade cross-references the report details with historical payouts using `list_payments` to ensure consistency. You set the parameters, and Cascade handles the math. It calculates the correct tier, runs the payment tool, and posts the confirmation comment in one autonomous run.

Setup guide

Set up HackerOne MCP in Windsurf

Prerequisites

  • Windsurf IDE installed (macOS, Windows, or Linux)
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Open MCP configuration

    Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.

  2. 2

    Add the HackerOne MCP

    Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.

  3. 3

    Refresh MCPs

    Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.

  4. 4

    Verify in Cascade

    Start a new Cascade conversation and ask something like "Show my HackerOne payment history." If connected, Cascade will call the HackerOne tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json 
{
  "mcpServers": {
    "hackerone-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HackerOne. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HackerOne now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HackerOne MCP in Windsurf

Windsurf uses the `change_report_state` tool to modify report status based on Cascade's analysis. Cascade reads the report, determines if it is a duplicate or valid bug, and changes the state to triaged or resolved.
Yes, Cascade can chain `list_payments` to check historical rates and then use `award_bounty` to issue the reward. Your Cascade agent uses this MCP server to check financial history and complete the transaction.
Cascade auto-discovers the registered tools upon connection. You can also use the built-in MCP Marketplace for one-click installs, allowing Cascade to run tools like `list_reports` and `add_report_comment` in sequence.
Yes, Windsurf uses `list_assets` to pull the scope of your program. This helps Cascade verify if a submitted vulnerability falls within your active target list.
This server processes vulnerability reports and payment history inside an isolated sandbox. Your raw API credentials never touch external servers, keeping your sensitive security data safe.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the HackerOne MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for HackerOne. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.