Is Htb Mcp Server safe to use?

Htb Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Htb Mcp Server?

Htb Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Htb Mcp Server do?

Htb Mcp Server provides 12 tools: list_challenges, start_challenge, submit_challenge_flag, list_machines, start_machine and 7 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Htb Mcp Server?

Htb Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Htb Mcp Server actively maintained?

Htb Mcp Server is less actively maintained — last commit was 306 days ago. It has 2 GitHub stars.

Htb Mcp Server

Name: Htb Mcp Server
Author: noaslr

by noaslr

Model Context Protocol integration for HackTheBox API access and CTF management

2 12 tools GitHub

No known CVEs

No license

Stale

Last commit 306d ago

Works with most clients

Transport: stdio

12 tools · ~504 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Security Education

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "htb": {
      "env": {
        "HTB_TOKEN": "your.jwt.token.here"
      },
      "command": "/path/to/htb-mcp-server"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/htb-mcp-server)](https://mcppedia.org/s/htb-mcp-server)

Read me

What Htb Mcp Server does

A Model Context Protocol (MCP) server that provides AI assistants with programmatic access to HackTheBox platform functionality.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

57/100across 5 weighted dimensions

How we score →

0255075100

−43

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (12)

Click any tool to inspect its schema.

~504 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Htb Mcp Server safe to use?: Htb Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Htb Mcp Server?: Htb Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Htb Mcp Server do?: Htb Mcp Server provides 12 tools: list_challenges, start_challenge, submit_challenge_flag, list_machines, start_machine and 7 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Htb Mcp Server?: Htb Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Htb Mcp Server actively maintained?: Htb Mcp Server is less actively maintained — last commit was 306 days ago. It has 2 GitHub stars.

Similar servers

Others in security / education

View all →

Arxiv Mcp Server94

A Model Context Protocol server for searching and analyzing arXiv papers

2.8k 4

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Notebooklm Mcp93

MCP server for NotebookLM - Let your AI agents (Claude Code, Codex) research documentation directly with grounded, citation-backed answers from Gemini. Persistent auth, library management, cross-client sharing. Zero hallucinations, just your knowledge base.

2.6k 4

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

MCP Security Weekly

Get CVE alerts and security updates for Htb Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Education

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "htb": {
      "env": {
        "HTB_TOKEN": "your.jwt.token.here"
      },
      "command": "/path/to/htb-mcp-server"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/htb-mcp-server)](https://mcppedia.org/s/htb-mcp-server)

Read me

What Htb Mcp Server does

A Model Context Protocol (MCP) server that provides AI assistants with programmatic access to HackTheBox platform functionality.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

HackTheBox MCP Server

A Model Context Protocol (MCP) server that provides AI assistants with programmatic access to HackTheBox platform functionality.

Features

The HTB MCP Server exposes 12 comprehensive tools for interacting with the HackTheBox platform:

Challenge Management

list_challenges - Get paginated list of challenges with filtering
start_challenge - Initialize a challenge environment
submit_challenge_flag - Submit flags for challenge verification

Machine Management

list_machines - Get active/retired machines with status information
start_machine - Start a machine and get connection details
get_machine_ip - Retrieve IP address of active machine
submit_user_flag - Submit user flags for machines
submit_root_flag - Submit root flags for machines

User Management

get_user_profile - Retrieve user profile and statistics
get_user_progress - Get completion status and achievements

Search & Utility

search_content - Advanced search across challenges/machines/users
get_server_status - Health check and server information

Prerequisites

Go 1.21 or later
Valid HackTheBox account with API access
HTB API token (JWT format)

Installation

Clone the repository:

git clone https://github.com/NoASLR/htb-mcp-server.git
cd htb-mcp-server

Build the binary:
```
go build -o htb-mcp-server main.go
```
Get your HTB API token:
- Go to HackTheBox Profile Settings
- Generate an App Token
- Copy the JWT token (format: xxx.yyy.zzz)

Configuration

The server is configured via environment variables:

Required

HTB_TOKEN - Your HackTheBox API token (JWT format)

Optional

SERVER_PORT - Server port (default: 3000)
LOG_LEVEL - Logging level: DEBUG, INFO, WARN, ERROR (default: INFO)
RATE_LIMIT_PER_MINUTE - API rate limiting (default: 100)
CACHE_TTL_SECONDS - Response cache TTL (default: 300)
REQUEST_TIMEOUT_SECONDS - HTTP request timeout (default: 30)

Usage

Standalone Mode

export HTB_TOKEN="your.jwt.token.here"
./htb-mcp-server

Docker Mode

docker build -t htb-mcp-server .
docker run -e HTB_TOKEN="your.jwt.token.here" htb-mcp-server

MCP Client Integration

Add to your MCP client configuration (e.g., Claude Desktop):

{
  "mcpServers": {
    "htb": {
      "command": "/path/to/htb-mcp-server",
      "env": {
        "HTB_TOKEN": "your.jwt.token.here"
      }
    }
  }
}

Example Usage

Once connected, you can use the tools through your AI assistant:

# List active challenges
"Can you show me the available Web challenges on HackTheBox?"

# Start a machine
"Please start machine ID 123 and get its IP address"

# Submit a flag
"Submit the user flag 'HTB{example_flag}' for machine 123"

# Search for content
"Search for machines related to 'Active Directory'"

# Check server status
"What's the current status of the HTB MCP server?"

API Endpoints

The server implements the MCP protocol over stdio transport. All communication follows the JSON-RPC 2.0 specification.

Core MCP Methods

initialize - Initialize the MCP session
tools/list - List available tools
tools/call - Execute a specific tool

HTB API Integration

The server integrates with HackTheBox API v4:

Base URL: https://labs.hackthebox.com/api/v4
Authentication: Bearer token (JWT)
Rate limiting: Respects HTB API limits

Development

Project Structure

htb-mcp-server/
├── main.go                    # Entry point
├── pkg/
│   ├── config/               # Configuration management
│   ├── htb/                  # HTB API client
│   └── mcp/                  # MCP protocol implementation
├── internal/
│   ├── server/               # MCP server core
│   └── tools/                # Tool implementations
├── tests/       

... [View full README on GitHub](https://github.com/noaslr/htb-mcp-server#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

57/100across 5 weighted dimensions

How we score →

0255075100

−43

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (12)

Click any tool to inspect its schema.

~504 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Htb Mcp Server safe to use?: Htb Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Htb Mcp Server?: Htb Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Htb Mcp Server do?: Htb Mcp Server provides 12 tools: list_challenges, start_challenge, submit_challenge_flag, list_machines, start_machine and 7 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Htb Mcp Server?: Htb Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Htb Mcp Server actively maintained?: Htb Mcp Server is less actively maintained — last commit was 306 days ago. It has 2 GitHub stars.