{"id":"patrikfehrenbach-h1-brain","name":"h1-brain","homepage":null,"repo_url":"https://github.com/PatrikFehrenbach/h1-brain","category":"security","subcategories":[],"tags":["mcp","hackerone","bug-bounty","pentesting","sqlite","local-tools","ai-assistant-integration"],"what_it_does":"h1-brain is an MCP server that connects an AI assistant to HackerOne. It syncs a user’s rewarded reports, programs, and scopes via the HackerOne API into a local SQLite database, queries a pre-bundled database of publicly disclosed bounty reports, and exposes MCP tools (notably hack(handle)) to search and analyze that data and generate structured attack briefings.","use_cases":["Searching and summarizing a researcher’s own HackerOne bounty history","Querying publicly disclosed HackerOne reports for vulnerability/weakness patterns by program and asset","Generating personalized bug bounty “briefings” that combine personal findings, scope data, and cross-referenced public disclosures","Building an agent workflow via MCP tools (e.g., Claude Desktop/Code) to iterate on target selection and vulnerability hypotheses"],"not_for":["Automated exploitation against real targets without authorization","Security-critical compliance or legal decision support","A production-grade, publicly hosted API service (it appears designed for local use with an MCP client)","Use in environments that require strict data residency guarantees"],"best_when":"You want an offline/local, agent-driven research assistant for bug bounty triage that can reuse your past HackerOne data and compare it to publicly disclosed reports.","avoid_when":"You need a hardened, multi-tenant hosted service with strong operational guarantees, or you cannot store and process bug bounty content locally.","alternatives":["Use the HackerOne API directly with custom tooling and your own database","Manual research workflows using HackerOne public disclosure pages plus your own notes","Other MCP/local knowledge-base servers that index security write-ups (e.g., vector search over your own corpus)"],"af_score":54.5,"security_score":55.8,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:36:06.136223+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["HackerOne API token via environment variable (H1_API_TOKEN)"],"oauth":false,"scopes":false,"notes":"Authentication is token-based for HackerOne API access, configured via environment variables. The README does not mention fine-grained scopes or token permissions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"The project itself is MIT-licensed and appears self-hosted/local; costs depend on HackerOne API usage and your own compute."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":54.5,"security_score":55.8,"reliability_score":22.5,"mcp_server_quality":65.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":20.0,"tls_enforcement":70.0,"auth_strength":60.0,"scope_granularity":40.0,"dependency_hygiene":45.0,"secret_handling":60.0,"security_notes":"Uses a HackerOne API token via environment variables. The README does not discuss secure secret storage beyond env vars, does not document whether tokens are redacted from logs, and provides no explicit rate-limit, retry, or threat-model guidance. The app also stores personal bounty data locally in SQLite; secure and back up the local machine, and avoid running it on shared or multi-user systems.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":30.0,"error_recovery":30.0,"idempotency_support":false,"idempotency_notes":"The README indicates periodic re-sync (fetch_rewarded_reports/fetch_programs) but does not document idempotency, deduplication strategy, or safe re-run behavior.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["hack(handle) likely triggers multiple API/database operations; agents should avoid repeated calls that cause unnecessary sync or API usage","Attachment URLs may expire (~1 hour), so agents should fetch or download them promptly","The bundled database of publicly disclosed reports may be out of date relative to current HackerOne disclosures"]}}
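The record above flags two undocumented areas in the project: whether a re-sync into the local SQLite store is safe to re-run, and whether the H1_API_TOKEN value is kept out of logs. The following is an added example, not h1-brain's own code, showing how a practitioner would close both gaps: an upsert keyed on the report id so repeated fetch_rewarded_reports-style syncs never duplicate rows, and a redaction step applied to any log line before it is written. The table schema, record fields, and sample reports are constructed for this example; the project's real database layout and API payloads are not described on this page.

```python
"""
Added example (not h1-brain's own code): idempotent local sync of
HackerOne-style report records into SQLite, plus token redaction for logs.

Assumptions (all hypothetical): the `reports` schema, the record fields,
and SAMPLE_REPORTS are constructed here; the real h1-brain layout is not
documented on the page this accompanies.
"""
import os
import sqlite3

# Constructed sample payload shaped like a simplified rewarded-report list.
# The ids, titles and bounty amounts are invented for the example.
SAMPLE_REPORTS = [
    {"id": 1001, "program": "example-program",
     "title": "IDOR in invoice export", "weakness": "IDOR", "bounty": 500.0},
    {"id": 1002, "program": "example-program",
     "title": "Stored XSS in profile bio", "weakness": "XSS", "bounty": 1500.0},
]

# Hypothetical schema; the primary key on the report id is what makes
# re-running a sync safe (no duplicate rows on the second pass).
SCHEMA = """
CREATE TABLE IF NOT EXISTS reports (
    id        INTEGER PRIMARY KEY,
    program   TEXT NOT NULL,
    title     TEXT NOT NULL,
    weakness  TEXT,
    bounty    REAL
);
"""


def open_db(path=":memory:"):
    """Open (or create) the local store and ensure the schema exists."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def upsert_reports(conn, reports):
    """Insert new reports or update existing ones by id.

    Re-running with the same payload leaves the row count unchanged, and a
    changed field (e.g. an updated bounty) overwrites the stored value.
    Returns the total number of rows after the sync.
    """
    conn.executemany(
        "INSERT INTO reports (id, program, title, weakness, bounty) "
        "VALUES (:id, :program, :title, :weakness, :bounty) "
        "ON CONFLICT(id) DO UPDATE SET "
        "program=excluded.program, title=excluded.title, "
        "weakness=excluded.weakness, bounty=excluded.bounty",
        reports,
    )
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM reports").fetchone()[0]


def weakness_counts(conn, program):
    """Count stored reports per weakness for one program (the kind of
    pattern query a briefing tool would run over the local store)."""
    rows = conn.execute(
        "SELECT weakness, COUNT(*) FROM reports WHERE program = ? "
        "GROUP BY weakness ORDER BY weakness",
        (program,),
    ).fetchall()
    return dict(rows)


def load_token(env=None):
    """Read the API token from the environment and fail loudly if missing,
    rather than sending an empty Authorization header."""
    env = os.environ if env is None else env
    token = env.get("H1_API_TOKEN")
    if not token:
        raise RuntimeError("H1_API_TOKEN is not set")
    return token


def redact(line, token):
    """Scrub the token from a log line before it reaches any log sink."""
    return line.replace(token, "[REDACTED]") if token else line


if __name__ == "__main__":
    db = open_db()
    print("rows after first sync:", upsert_reports(db, SAMPLE_REPORTS))
    print("rows after second sync:", upsert_reports(db, SAMPLE_REPORTS))
    print("weakness counts:", weakness_counts(db, "example-program"))
    print(redact("GET /api/reports Authorization=Bearer s3cret", "s3cret"))
```

The ON CONFLICT ... DO UPDATE form needs SQLite 3.24 or newer, which every supported CPython release bundles; on older builds the same effect can be had with INSERT OR REPLACE, at the cost of rewriting the whole row. Redaction is applied at the logging boundary rather than trusting the HTTP client not to echo headers in tracebacks.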