How I Hunt Security Bounties with Claude Code (Real Workflow, Real Payouts)

Most security bounty guides tell you to "learn OWASP Top 10" and "practice on HackTheBox." That's fine for learning. But if you want to actually earn money from bounties, you need a workflow that scales — because manually reading source code doesn't.

I've been using Claude Code with custom skills to scan open-source repositories for vulnerabilities. Here's my actual workflow, with real examples from repos I've scanned.

The Problem with Manual Code Auditing

Open-source security bounties are a goldmine if you know where to look. Projects like Anthropic's MCP servers, Microsoft's TypeAgent, and dozens of mid-tier repos on GitHub all have bounty programs or responsible disclosure policies.

But manually auditing a 50,000-line codebase? That's a week of your life for maybe one finding. I needed something faster.

My Workflow: Claude Code + Semgrep + Custom Skills

Here's the stack I use:

• Claude Code as the orchestration layer

• Semgrep for pattern-based static analysis

• A custom security scanner skill that chains these together

The key insight: Claude Code skills let you encode repeatable security analysis workflows into reusable commands. Instead of remembering which Semgrep rules to run and how to interpret the results, you build it once and invoke it with /scan.

Step 1: Clone and Scope

git clone https://github.com/target/repo cd repo

git clone https://github.com/target/repo cd repo

Quick file count and language breakdown

find . -name ".ts" -o -name ".py" -o -name ".js" | wc -l`

Enter fullscreen mode

Exit fullscreen mode

Before scanning, I scope the attack surface. For MCP servers, the interesting files are:

• Request handlers (where user input enters)

• Tool definitions (where commands get executed)

• Authentication middleware (where trust decisions happen)

Step 2: Run Semgrep with Custom Rules

Generic Semgrep rulesets catch the obvious stuff. The real value is custom rules tuned to the framework you're auditing.

For MCP servers, I wrote rules that catch:

rules:

• id: mcp-unvalidated-tool-input patterns:
• pattern: | $HANDLER($REQUEST, ...) { ... $CMD = $REQUEST.params.$FIELD ... }
• pattern-not: | $HANDLER($REQUEST, ...) { ... validate($REQUEST.params.$FIELD) ... } message: "Tool input used without validation" severity: WARNING`

Enter fullscreen mode

Exit fullscreen mode

This catches the pattern I found in 20+ MCP server implementations: user-supplied tool parameters flowing directly into file paths, shell commands, or database queries without sanitization.

Step 3: Claude Code Analyzes Context

This is where it gets powerful. Semgrep gives you pattern matches, but Claude Code understands context. When I feed Semgrep results into Claude Code:

/scan --repo . --rules mcp-security

Enter fullscreen mode

Exit fullscreen mode

It does things Semgrep can't:

• Traces data flow across multiple files

• Understands whether a "validation" function actually validates anything

• Identifies business logic flaws (like TOCTOU races in file operations)

• Writes a proof-of-concept to verify the finding

Step 4: Verify and Report

Every finding gets a PoC. No PoC = no bounty. Claude Code generates these automatically:

# PoC: Path traversal in file-read tool import requests

# PoC: Path traversal in file-read tool import requests

payload = { "tool": "read_file", "params": { "path": "../../../../etc/passwd" } }

response = requests.post( "http://localhost:3000/mcp/tool", json=payload )

If status 200 and response contains "root:",

the path traversal is confirmed

print(response.text)`

Enter fullscreen mode

Exit fullscreen mode

Real Results

Using this workflow, I've found:

• Path traversal in 3 MCP server implementations

• Command injection via unsanitized tool parameters in 2 repos

• SSRF through URL-type tool inputs in 1 server

• Information disclosure via verbose error messages in 5+ servers

My article "I Audited Microsoft's MCP Servers and Found 20 Vulnerabilities" covers some of these findings in detail.

Building Your Own Security Scanner Skill

The workflow above is exactly what my Security Scanner Skill for Claude Code automates. It bundles:

• Pre-built Semgrep rules for MCP, FastAPI, Express, and Django

• Automated triage that ranks findings by exploitability, not just severity

• PoC generation for confirmed vulnerabilities

• Report templates formatted for responsible disclosure or bounty submission

You invoke it with a single command and get a prioritized list of findings with proof-of-concepts. It's the difference between spending a week on manual review and getting actionable results in 20 minutes.

If you're building your own, here's what matters:

1. Layer your analysis

Static patterns (Semgrep) → Context analysis (LLM) → Dynamic verification (PoC)

Enter fullscreen mode

Exit fullscreen mode

Each layer filters out false positives from the previous one. Semgrep catches 200 matches, Claude Code narrows it to 15 likely vulns, PoC verification confirms 3-5 real issues.

2. Encode framework-specific knowledge

Generic "find SQL injection" rules produce noise. Rules that understand how Express middleware chains work, or how MCP tool definitions pass parameters, produce signal.

3. Automate the boring parts

Report writing, PoC scaffolding, CVSS scoring — these are mechanical tasks. Let the skill handle them so you can focus on the creative part: understanding the application's trust boundaries.

What Bounties Actually Pay

Let's be honest about the money:

Severity Typical Payout (OSS) Time to Find

Critical (RCE) $500-$5,000 Rare

High (SQLi, Path Traversal) $200-$1,000 1-3 per large audit

Medium (SSRF, Info Disclosure) $50-$500 3-5 per audit

Low (Missing Headers) $0-$50 Many, but not worth reporting

The math works when you can audit 3-4 repos per week instead of 1 per month. That's what automation gives you.

Getting Started

• Set up Claude Code with Semgrep installed locally

• Pick a target: start with repos that have SECURITY.md or a bug bounty program listed

• Focus on input boundaries — every place user data enters the application

• Build your rule library incrementally — every finding teaches you a new pattern

If you want to skip the setup and start scanning immediately, the Security Scanner Skill is $10 and comes with everything pre-configured. I also built an API Connector Skill that's useful for testing API-heavy targets — it handles auth flows, rate limiting, and response parsing so you can focus on the security analysis.

The best part about security bounties: the supply of vulnerable code is infinite and growing. Every new framework, every new MCP server, every new API — it's all attack surface waiting to be audited.

Have questions about security scanning with Claude Code? Drop a comment or check out my other articles on MCP security research.