Skip to main content
Category: MCP Server Runtime: Python 3.10+

Summary

Stop copying scope tables by hand. The Rifteo Context MCP server gives your AI agent live access to bug bounty program scope directly from the platform — in-scope assets, out-of-scope exclusions, bounty eligibility, and policy — before a single test is run.
  • Fetches live scope from HackerOne, Intigriti, YesWeHack, Bugcrowd, and Immunefi
  • Searches publicly disclosed HackerOne reports by vulnerability type, technology, or keyword
  • Loads Rifteo security contexts (L1 overview or L2 full methodology) on demand
  • Registers automatically with Claude Code, Cursor, Windsurf, Gemini CLI, and 7 other agents

Installation

git clone https://github.com/Rifteo/context-mcp
cd context-mcp
pip install -e .

Register with your agent

Auto-install — detects all installed agents: 
rifteo-context install
Single agent: 
rifteo-context install --agent claude-code
rifteo-context install --agent cursor
rifteo-context install --agent gemini-cli
Project-level only: 
rifteo-context install --agent claude-code --project
Supported agents:
AgentConfig location
claude-code~/.claude.json
cursor~/.cursor/mcp.json
windsurf~/.codeium/windsurf/mcp_config.json
gemini-cli~/.gemini/settings.json
cline~/.cline/data/settings/cline_mcp_settings.json
kiro~/.kiro/settings/mcp.json
codex~/.codex/config.toml
opencode~/.config/opencode/opencode.json
amp~/.config/amp/settings.json
continue~/.continue/config.json

MCP Tools

Bug Bounty Platforms

ToolWhat it does
get_program_scopeFetch live scope for any bug bounty program — in-scope, out-of-scope, bounty eligibility, policy
search_hacktivitySearch publicly disclosed HackerOne reports by vulnerability type, tech, or keyword
Once registered, ask your agent: 
get the scope for hackerone program "github"
get the scope for yeswehack program "datadome-bot-bounty"
search hacktivity for GraphQL vulnerabilities
search hacktivity for SSRF in cloud environments
Platform support:
PlatformScopeAuth required
hackeroneFull scope + policyYes — username + API token
intigritiFull scopeYes — API token
yeswehackFull scopeNo
bugcrowdPartial (public HTML)No
immunefiDirect linkNo

Security Contexts

ToolWhat it does
list_contextsList all available Rifteo contexts with one-line summaries
get_contextLoad a context by name — L1 overview or L2 full methodology
search_contextsSearch contexts by keyword
Each context has two levels:
  • L1 — Overview and when to use (default, lightweight)
  • L2 — Full detailed methodology
Ask your agent: 
list all available security contexts
get the web-app-pentest context
load cloud-audit full methodology
search contexts for jwt

Authentication

HackerOne — get your token at hackerone.com/settings/api_token/edit 
rifteo-context auth hackerone
# HackerOne username: yourname
# HackerOne API token: ****
Intigriti — get your token at app.intigriti.com/settings/api 
rifteo-context auth intigriti
# Intigriti API token: ****
YesWeHack and search_hacktivity work without credentials. Manage connected platforms: 
rifteo-context auth --list
rifteo-context auth --remove hackerone

Web App Pentest

Full web application penetration test methodology

Code Audit

Source code security review methodology

Cloud Audit

AWS, GCP, and Azure security audit methodology