🔐 MCP Token Generation and Access Control
📘 Overview
MCP (Model Context Protocol) is a protocol that bridges AI tools with the Hack The Box CTF platform, allowing users to interact with challenges and events via tools like Claude or Visual Studio Code.
🤖 What is MCP?
MCP (Model Context Protocol) is a powerful bridge between AI models and APIs, developed by Anthropic. It allows direct communication between AI tools and platforms — like HTB’s CTF environment — using secure tokens.
With MCP, you can:
Register for CTF events from AI tools
Start/stop challenge containers
Submit flags
View solve stats
And much more!
This opens the door for hybrid AI-human collaboration and enriched learning workflows.
🧪 How It Works
Go to Your Profile
Navigate to:
Profile Settings > MCP AccessClick Generate Token
⚠️ Tokens are one-time viewable. Make sure to copy and save it securely!⚠️
Token Management
View token expiration
Revoke the token at any time
Tool Integration
Use your MCP token with tools like
Claude
Claude Desktop
VS Code with GitHub CopilotEach tool has its own setup. Full guides below.
🖥️ Claude Desktop
Overview
Claude Desktop is Anthropic's desktop app. Since it only supports the stdio transport, it requires mcp-proxy.
📦 Prerequisites
Claude Desktop installed
A valid MCP API token
mcp-proxyinstalled (standalone or viauv)
⚙️ Setup
Open Claude Desktop Settings
macOS:
Claudemenu →Settings…Windows: Use the main application menu
Access Developer Options
Go to Developer in the sidebar → Click Edit Config
Open the Config File
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
Replace with the following (depending on your setup):
Standalone - macOS/Linux
{
"mcpServers": {
"htb-mcp-ctf": {
"command": "/path/to/mcp-proxy",
"args": [
"https://mcp.ai.hackthebox.com/v1/ctf/sse/"
],
"env": {
"API_ACCESS_TOKEN": "<API token>"
}
}
}
}Standalone - Windows
{
"mcpServers": {
"htb-mcp-ctf": {
"command": "/path/to/mcp-proxy.exe",
"args": [
"https://mcp.ai.hackthebox.com/v1/ctf/sse/"
],
"env": {
"API_ACCESS_TOKEN": "<API token>"
}
}
}
}Using UV
{
"mcpServers": {
"htb-mcp-ctf": {
"command": "uvx",
"args": [
"mcp-proxy",
"https://mcp.ai.hackthebox.com/v1/ctf/sse/"
],
"env": {
"API_ACCESS_TOKEN": "<API token>"
}
}
}
}
5. Save and Restart Claude Desktop
6. Verify successful integration
A slider icon should appear at the bottom left corner of the window. Clicking this icon will display the list of available tools.
✅ Example Prompts
Which CTF events are currently running?
Show me the leaderboard for event
HTB2025.What team am I currently a member of?
🛠️ Troubleshooting
Ensure config file is correctly saved
Check token validity and proxy path
Restart the app fully
Claude Desktop's documentation offers more details on troubleshooting.
🤖 Claude Code
Overview
Claude Code is Anthropic's CLI tool for interacting with Claude AI. You can connect it directly to HTB's MCP server to participate in CTF events.
📦 Prerequisites
Claude Code installed on the system
A valid MCP API token
⚙️ Setup
claude mcp add --transport sse htb-mcp-ctf https://mcp.ai.hackthebox.com/v1/ctf/sse/ --header "Authorization: Bearer <API Token>"
⚠️ Replace <API token> with your actual MCP token from your profile.
🛠️ Troubleshooting
For detailed usage, refer to Claude Code's MCP documentation.
🧠 Visual Studio Code + GitHub Copilot
Overview
VS Code with GitHub Copilot supports MCP to connect with HTB's CTF API and provide in-editor AI-assisted functionality.
📦 Prerequisites
⚙️ Setup
Open Command Palette (
⇧⌘PorView > Command Palette)Search
MCP→ Select MCP: Add ServerChoose HTTP (Server-Sent Events)
Set the URL:
https://mcp.ai.hackthebox.com/v1/ctf/sse/
Server ID example:
htb-mcp-ctf
Choose User Settings or Workspace Settings
Update the generated config to:
{
"servers": {
"htb-mcp-ctf": {
"url": "https://mcp.ai.hackthebox.com/v1/ctf/sse/",
"type": "http",
"headers": { "Authorization": "Bearer <API token>" }
}
}
}⚠️ Don’t forget to replace <API token> With your actual one.
✅ Testing the Integration
Open Copilot Chat (
^⌘Ior from the sidebar)Ensure Agent is selected
Try: Which CTF events are currently available?
🛠️ Troubleshooting
Enable:
Chat > MCP: EnabledIn VS Code settingsCheck for typos in the URL or token
Avoid trailing spaces in your token
🛠️ Supported Features via MCP
Category | Tool/Action | Description |
Event Management | List CTF Events | Retrieve all available events |
| Retrieve CTF Details | Get detailed info about a specific event |
| Join CTF Event | Register a team for participation |
Scoring & Analytics | Get CTF Scores | View team rankings and scores |
| Get All Solves | See all solves for an event |
| Get Team Solves | See the history of a specific team |
| Get Challenge Solves | View solves for a specific challenge |
Team Management | Get My Teams | List all teams linked to your account |
Challenge Interaction | Submit Flag | Submit a flag for validation |
| Get Download Link | Get a temporary signed URL for challenge files |
Container Management | Start Container | Start a challenge container |
| Stop Container | Stop a challenge container |
| Container Status | Check the current status of the container |
🔧 Generic Integration Instructions
You can also use any AI assistant or editor that supports Model Context Protocol (MCP) via either Server-Sent Events (SSE) or studio.
Server-Sent Events (SSE)
HTB's MCP server uses SSE transport for real-time streaming and interaction.
MCP SSE URL:
https://mcp.ai.hackthebox.com/v1/ctf/sse/HTTP Headers:
Authorization: Bearer <your MCP token>
Make sure to replace <your MCP token> with your personal token from the MCP settings page.
Standard Input/Output (stdio) via Proxy
Some tools don’t support SSE directly. In such cases, you can use a proxy like mcp-proxy to bridge the gap.
Standalone Setup
Set the environment variable:
export API_ACCESS_TOKEN=<your MCP token>
Run:
/path/to/mcp-proxy https://mcp.ai.hackthebox.com/v1/ctf/sse/
⚙️ UV Setup
Set the environment variable:
export API_ACCESS_TOKEN=<your MCP token>
Run:
uvx mcp-proxy https://mcp.ai.hackthebox.com/v1/ctf/sse/
uvx is part of the uv ecosystem, a fast JavaScript/TypeScript runtime.