hackerone-graphql
MCP server for the HackerOne GraphQL API
claude mcp add --transport stdio hacker0x01-hackerone-graphql-mcp-server -- docker run -i --rm -e ENDPOINT=https://hackerone.com/graphql -e TOKEN=<your_base64_encoded_token> -e MUTATION_MODE=none hackertwo/hackerone-graphql-mcp-server:1.0.7
Environment variables:
- TOKEN: Base64 encoded API token: base64(username:api_key)
- ENDPOINT: GraphQL endpoint URL
- MUTATION_MODE: Controls which mutations are allowed: none | explicit | all
How to use
This MCP server wraps HackerOne's GraphQL API and exposes its operations as MCP tools via the Model Context Protocol over the stdio transport. It is designed to run inside a container and to be connected to an MCP client that writes requests to its standard input and reads responses from its standard output.
To use it, launch the container with docker run so that its stdio is connected to the MCP client, and provide the required environment variables (ENDPOINT, TOKEN, and MUTATION_MODE) to configure the HackerOne GraphQL endpoint and access scope. The server uses Apollo MCP Server under the hood, so the GraphQL queries and mutations exposed by HackerOne appear as individual MCP tools that you can invoke from your MCP client or a Flowise-like UI. The recommended usage is to run the container with -i, which keeps stdin open for the stdio transport, and to supply the token securely via the TOKEN environment variable.
How to install
Prerequisites:
- Docker installed on your host (Docker Desktop or Docker Engine)
- Access to pull the hackertwo/hackerone-graphql-mcp-server image (public Docker Hub)
Installation steps:
- Ensure Docker is running on your machine.
- Pull the image (optional if you rely on docker run directly): docker pull hackertwo/hackerone-graphql-mcp-server:1.0.7
- Run the MCP server container with the required environment variables:
  docker run -i --rm \
    -e ENDPOINT="https://hackerone.com/graphql" \
    -e TOKEN="<your_base64_encoded_token>" \
    -e MUTATION_MODE="none" \
    hackertwo/hackerone-graphql-mcp-server:1.0.7
- Connect your MCP client to the running container using the stdio transport. Ensure you pass the same ENDPOINT, TOKEN, and MUTATION_MODE configurations.
Notes:
- The container is designed to be piped into an MCP-compatible client; running it directly without a client may result in errors.
- The -i flag is important to maintain standard input for the stdio transport.
Additional notes
Tips and caveats:
- This server currently supports only the stdio MCP transport. Other transports are not enabled by default.
- The provided ENDPOINT and TOKEN must be kept secure; avoid embedding credentials in logs or shared scripts.
- MUTATION_MODE can be none, explicit, or all; choose according to your security policy and required capabilities.
- The schema.graphql file in the repository can become outdated; you can download the latest schema from HackerOne if needed.
- The image supports multi-architecture builds (amd64 and arm64).
- The example configurations shown in the README (Flowise/Zed) assume docker-based invocation and portably pass environment variables to the container.
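One way to follow the credential caveat above when launching the container, as an added example that is not taken from the project's README: the wrapper builds TOKEN as base64(username:api_key) inside the shell and passes it to docker by name, so the secret does not appear on a command line or in a shared script. The variable names H1_USERNAME and H1_API_KEY, the function names and the `run` argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example wrapper; H1_USERNAME / H1_API_KEY are assumed variable names
# that the caller sets in the environment (for instance from a secret store).

IMAGE="hackertwo/hackerone-graphql-mcp-server:1.0.7"

# base64(username:api_key) on a single line. printf is a shell builtin, so the
# key is never placed in another process's argument list.
make_token() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Accept only the three values the page documents for MUTATION_MODE.
valid_mutation_mode() {
  case "$1" in
    none|explicit|all) return 0 ;;
    *) return 1 ;;
  esac
}

launch() {
  mode="${MUTATION_MODE:-none}"   # default to the read-only setting
  if ! valid_mutation_mode "$mode"; then
    echo "MUTATION_MODE must be none, explicit or all" >&2
    return 2
  fi
  if [ -z "${H1_USERNAME:-}" ] || [ -z "${H1_API_KEY:-}" ]; then
    echo "set H1_USERNAME and H1_API_KEY in the environment" >&2
    return 2
  fi
  TOKEN="$(make_token "$H1_USERNAME" "$H1_API_KEY")"
  ENDPOINT="${ENDPOINT:-https://hackerone.com/graphql}"
  MUTATION_MODE="$mode"
  export TOKEN ENDPOINT MUTATION_MODE
  # "-e NAME" with no value copies NAME from this environment, so the token
  # stays out of docker's argv, `ps` output and shell history.
  exec docker run -i --rm -e ENDPOINT -e TOKEN -e MUTATION_MODE "$IMAGE"
}

# Start the server only when asked, e.g. as the MCP client's stdio command:
#   ./h1-mcp.sh run
if [ "${1:-}" = "run" ]; then launch; fi
```

Point the MCP client's stdio command at this script with the `run` argument instead of at a docker run line that contains the token value.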