{"id":"noaslr-htb-mcp-server","name":"htb-mcp-server","af_score":69.2,"security_score":68.8,"reliability_score":37.5,"what_it_does":"Provides an MCP (Model Context Protocol) server over stdio that exposes tools for interacting with the HackTheBox Labs API v4, including challenge/machine listing and management, flag submission, user profile/progress retrieval, and a server status health check.","best_when":"You want a local/agent-run MCP tool that standardizes HackTheBox API actions for LLM/agent workflows.","avoid_when":"You need externally hosted HTTP APIs/webhooks, fine-grained per-user audit trails, or you cannot safely provide and protect the HTB token in the environment where the MCP process runs.","last_evaluated":"2026-04-04T19:45:44.385501+00:00","has_mcp":true,"has_api":false,"auth_methods":["Bearer token (JWT format) via HTB_TOKEN environment variable"],"has_free_tier":false,"known_gotchas":["Flag submission and challenge/machine start actions may be non-idempotent; repeated calls could cause unintended state changes","Rate limiting exists and may require the agent to throttle; README suggests reducing request frequency/increasing RATE_LIMIT_PER_MINUTE but does not specify header-based backoff logic","Pagination/filtering arguments are described only at a high level; exact schemas/arg names are not included in the README excerpt","Health check mentions a curl to /health on localhost:3000, but the MCP server description indicates stdio transport; this discrepancy may confuse operators integrating MCP clients"],"error_quality":null}