Bugcrowd MCP Server acts as a bridge between LLMs (like Claude, GPT, etc.) and the Bugcrowd platform.
Bugcrowd MCP Server
An MCP (Model Context Protocol) server that exposes the Bugcrowd REST API as callable tools for LLMs and AI agents. Built with FastMCP and httpx.
Features
- Full coverage of the Bugcrowd API (submissions, programs, engagements, disclosures, organisations, rewards, and more)
- Async requests via
httpx - Credentials loaded from environment variables or a
.envfile — nothing hardcoded - Ready to use with Claude Desktop, VS Code Copilot, MCP Inspector, or any MCP-compatible client
Inspired by Mohd Haji Bugcrowd-MCP
Setup
1. Clone and install
git clone <repo-url>
cd Bugcrowd-MCP
make install
2. Configure credentials
Create a .env file in the project root (it is gitignored):
BUGCROWD_API_USERNAME=your_api_username
BUGCROWD_API_PASSWORD=your_api_password
Alternatively, export them as shell environment variables.
3. Run the server
The server communicates over stdio — no HTTP port is opened.
python server.py
4. Connect to Claude Desktop
Add the following block to your Claude Desktop MCP config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"BugcrowdMCP": {
"command": "python",
"args": ["server.py"],
"cwd": "/path/to/Bugcrowd-MCP"
}
}
}
Development
make format # format with black
make format-check # check formatting without writing changes
make test # run unit tests (mocked, no credentials needed)
make test-integration # run live API tests (requires .env credentials)
make clean # remove build artefacts and caches
Testing
Unit tests live in tests/test_server.py and mock all HTTP calls via respx — no real credentials are needed.
Integration tests are marked with @pytest.mark.integration and hit the live Bugcrowd API. They are skipped automatically if credentials are not present.