BLT-MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
npm install
npm run build
2

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add -e "BLT_API_BASE=${BLT_API_BASE}" -e "BLT_API_KEY=${BLT_API_KEY}" blt-mcp -- node "<FULL_PATH_TO_BLT_MCP>/dist/index.js"

Replace <FULL_PATH_TO_BLT_MCP>/dist/index.js with the actual folder you prepared in step 1.

Required:BLT_API_BASEBLT_API_KEY
README.md

Structured access to the OWASP Bug Logging Tool (BLT) ecosystem

BLT-MCP

An MCP (Model Context Protocol) server that provides AI agents and developers with structured access to the BLT (Bug Logging Tool) ecosystem. This server enables seamless integration with IDEs and chat interfaces to log bugs, triage issues, query data, and manage security workflows.

Overview

BLT-MCP implements the MCP standard, giving AI agents structured access to BLT through three powerful layers:

🔗 Resources (blt:// URIs)

Access BLT data through standardized URIs:

  • blt://issues - All issues in the system
  • blt://issues/{id} - Specific issue details
  • blt://repos - Tracked repositories
  • blt://repos/{id} - Specific repository details
  • blt://contributors - All contributors
  • blt://contributors/{id} - Specific contributor details
  • blt://workflows - All workflows
  • blt://workflows/{id} - Specific workflow details
  • blt://leaderboards - Leaderboard rankings and statistics
  • blt://rewards - Rewards and bacon points

🛠️ Tools

Perform actions on BLT:

  • submit_issue - Report new bugs and vulnerabilities
  • award_bacon - Award bacon points to contributors (gamification)
  • update_issue_status - Change issue status (open, in_progress, resolved, closed, wont_fix)
  • add_comment - Add comments to issues

💡 Prompts

AI-guided workflows for common security tasks:

  • triage_vulnerability - Guide AI through vulnerability triage and severity assessment
  • plan_remediation - Create comprehensive remediation plans for security issues
  • review_contribution - Evaluate contributions with quality assessment and bacon point recommendations

Features

  • JSON-RPC 2.0 - Standard protocol for reliable communication
  • OAuth/API Key Authentication - Secure access to BLT endpoints
  • Unified Interface - Single agent-friendly interface to all BLT functionality
  • Autonomous Workflows - Enable AI agents to work independently
  • Gamification Support - Built-in support for BLT's bacon point system
  • Security-First - Designed for vulnerability management and security workflows

Installation

Prerequisites

  • Node.js 18 or higher
  • npm or yarn

Install Dependencies

npm install

Build

npm run build

Configuration

Environment Variables

Create a .env file based on .env.example:

cp .env.example .env

Configure the following variables:

BLT_API_BASE=https://blt.owasp.org/api
BLT_API_KEY=your_api_key_here

MCP Client Configuration

To use this server with an MCP client (like Claude Desktop or Cline), add it to your MCP settings:

{
  "mcpServers": {
    "blt": {
      "command": "node",
      "args": ["/absolute/path/to/blt-mcp/dist/index.js"],
      "env": {
        "BLT_API_BASE": "https://blt.owasp.org/api",
        "BLT_API_KEY": "your_api_key_here"
      }
    }
  }
}

Usage

Running the Server

The server runs using stdio transport for MCP communication:

node dist/index.js

Using with AI Agents

Once configured in your MCP client, you can interact with BLT through natural language:

Example: Submitting an Issue
"Submit a new critical vulnerability in the authentication system of repo 123"

The AI agent will use the submit_issue tool to create the issue.

Example: Accessing Resources
"Show me the leaderboard"

The AI agent will read from blt://leaderboards to display the rankings.

Example: Using Prompts
"Help me triage this XSS vulnerability in the login form"

The AI agent will use the triage_vulnerability prompt to guide the analysis.

API Reference

Resources

List All Issues
URI: blt://issues
Returns: JSON array of all issues
Get Specific Issue
URI: blt://issues/{id}
Returns: JSON object with issue details
Leaderboards
URI: blt://leaderboards
Returns: JSON object with leaderboard data

Tools

submit_issue

Submit a new issue to BLT.

Parameters:

  • title (string, required) - Issue title
  • description (string, required) - Detailed description
  • repo_id (string, optional) - Repository ID
  • severity (string, optional) - One of: low, medium, high, critical
  • type (string, optional) - One of: bug, vulnerability, feature, other

Example:

{
  "title": "XSS vulnerability in login form",
  "description": "The login form is vulnerable to reflected XSS...",
  "repo_id": "123",
  "severity": "high",
  "type": "vulnerability"
}
award_bacon

Award bacon points to a contributor.

Parameters:

  • contributor_id (string, required) - Contributor ID
  • points (number, required) - Points to award
  • reason (string, required) - Reason for the award
update_issue_status

Update the status of an issue.

Parameters:

  • issue_id (string, required) - Issue ID
  • status (string, required) - One of: open, in_progress, resolved, closed, wont_fix
  • comment (string, optional) - Explanation fo

Tools (4)

submit_issueReport new bugs and vulnerabilities to the BLT system.
award_baconAward bacon points to contributors for gamification.
update_issue_statusChange the status of an existing issue.
add_commentAdd comments to existing issues.

Environment Variables

BLT_API_BASErequiredThe base URL for the BLT API endpoint.
BLT_API_KEYrequiredThe API key for authenticating with the BLT service.

Configuration

claude_desktop_config.json
{"mcpServers": {"blt": {"command": "node", "args": ["/absolute/path/to/blt-mcp/dist/index.js"], "env": {"BLT_API_BASE": "https://blt.owasp.org/api", "BLT_API_KEY": "your_api_key_here"}}}}

Try it

Submit a new critical vulnerability in the authentication system of repo 123
Show me the current leaderboard rankings
Help me triage this XSS vulnerability in the login form
Award 50 bacon points to contributor ID 456 for their excellent security patch
Update the status of issue 789 to resolved and add a comment explaining the fix

Frequently Asked Questions

What are the key features of BLT-MCP?

JSON-RPC 2.0 communication protocol. Unified interface for bug logging and issue triage. Gamification support via bacon point system. Autonomous security workflow management. Standardized resource access via blt:// URIs.

What can I use BLT-MCP for?

Automating vulnerability reporting directly from IDEs. Streamlining security triage workflows for development teams. Managing contributor rewards and leaderboards in security projects. Integrating AI agents into existing OWASP BLT security workflows.

How do I install BLT-MCP?

Install BLT-MCP by running: npm install && npm run build

What MCP clients work with BLT-MCP?

BLT-MCP works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep BLT-MCP docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all other servers →

Related MCP Servers

Nuclear
Free, open-source music player without ads or tracking.
other17.1K stars
Domain Check
Fast domain availability checker with RDAP/WHOIS lookup and batch checking.
other253 stars
US Government Open Data MCP
MCP Server + TypeScript SDK for 40+ U.S. Government APIs
other90 stars
Garmin Connect
Access your fitness, health, and training data from MCP clients.
other71 stars
BinjaLattice MCP
Secure communication protocol for Binary Ninja and MCP servers
other61 stars
Ghidra Headless MCP
Headless Ghidra server for AI-driven reverse engineering and analysis
other46 stars