{"id":"patrikfehrenbach-h1-brain","name":"h1-brain","af_score":54.5,"security_score":55.8,"reliability_score":22.5,"what_it_does":"h1-brain is an MCP server that connects an AI assistant to HackerOne. It syncs a user’s rewarded reports, programs, and scopes via the HackerOne API into a local SQLite database, queries a pre-bundled database of public disclosed bounty reports, and exposes MCP tools (notably hack(handle)) to search/analyze that data and generate structured attack briefings.","best_when":"You want an offline/local, agent-driven research assistant for bug bounty triage that can reuse your past HackerOne data and compare it to public disclosed reports.","avoid_when":"You need a hardened, multi-tenant hosted service with strong operational guarantees, or you cannot handle storing/processing bug bounty content locally.","last_evaluated":"2026-03-30T13:36:06.136223+00:00","has_mcp":true,"has_api":false,"auth_methods":["HackerOne API token via environment variable (H1_API_TOKEN)"],"has_free_tier":false,"known_gotchas":["hack(handle) likely triggers multiple API/database operations; agents should be careful with repeated calls to avoid unnecessary sync/API usage","Attachment URLs may expire (~1 hour) so agents should fetch/download promptly","Disclosed public reports DB is bundled and may be out-of-date relative to current HackerOne disclosures"],"error_quality":0.0}