Add Mantis (autonomous bug bounty hunter) to Tools & Integrations #154
Autonomous bug bounty hunter for authorized engagements. Adds bundle, README entry, and plugins.json record under Tools & Integrations.

- plugins/deonmenezes/mantishack/: full bundle (.codex-plugin/plugin.json, .mcp.json, assets/icon.svg)
- README.md: alphabetical entry between Launch Fast and Mobazha
- plugins.json: matching record (total 86 -> 87)
- MCP server runs via `npx -y -p mantishack mantis-mcp` so install is one command on any host with Node.

Note: .agents/plugins/marketplace.json entry not included in this PR (per scope guidance); happy to follow up with a separate PR if helpful.

Repo: https://github.com/deonmenezes/mantishack
License: Apache-2.0 OR MIT

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Code Review
This pull request adds the 'Mantis' plugin, an autonomous bug bounty hunter, to the repository. The changes include updating the README and global plugin registry, along with adding the plugin's configuration, MCP server definition, and icon assets. Feedback was provided regarding the plugin's metadata: the privacyPolicyURL should point to a dedicated privacy policy rather than a security policy, and the termsOfServiceURL appears to point to a placeholder file that should be updated to the correct legal document.
| "composerIcon": "./assets/icon.svg", | ||
| "logo": "./assets/icon.svg", | ||
| "websiteURL": "https://mantishack.com", | ||
| "privacyPolicyURL": "https://github.com/deonmenezes/mantishack/blob/main/SECURITY.md", |
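Review bot: `privacyPolicyURL` on the last line of this hunk points at `SECURITY.md`, which by its name is a vulnerability-reporting policy and not a statement of what data the plugin collects or sends. Point it at a dedicated privacy document. The `blob/main` path also means the linked text can change after this entry is merged, so a link that names the intended document matters more here.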
| "logo": "./assets/icon.svg", | ||
| "websiteURL": "https://mantishack.com", | ||
| "privacyPolicyURL": "https://github.com/deonmenezes/mantishack/blob/main/SECURITY.md", | ||
| "termsOfServiceURL": "https://github.com/deonmenezes/mantishack/blob/main/DISCLAIMER_BOB_STYLE.md", |
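Review bot: `termsOfServiceURL` on the last line points at `DISCLAIMER_BOB_STYLE.md`, a file name that reads as a disclaimer draft rather than terms of service. For a tool described as running against authorized engagements, this link is where a user would look for the conditions of use, so it should resolve to the actual terms document.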
| - [KiCad Happy](https://github.com/aklofas/kicad-happy) - KiCad EDA skills for schematic analysis, PCB layout review, component sourcing, BOM management, and manufacturing preparation. | ||
| - [Langfuse Observability](https://github.com/avivsinai/langfuse-mcp) - Query traces, debug exceptions, analyze sessions, and manage prompts via MCP tools. | ||
| - [Launch Fast](https://github.com/BlockchainHB/launchfast_codex_plugin) - Official Launch Fast plugin adapter for rapid SaaS deployment. | ||
| - [Mantis](./plugins/deonmenezes/mantishack) - Autonomous bug bounty hunter for authorized engagements — 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. |
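Review bot: the Mantis description on the added line is several times longer than the one-sentence entries around it and lists implementation claims (cryptographic scope enforcement, BLAKE3/Ed25519 Merkle event logs) that a reader of this list cannot check from here. Trim it to one sentence in the style of the neighbouring entries and leave the detail to the plugin's own README; the link target should also be a GitHub URL like the other entries rather than `./plugins/deonmenezes/mantishack`.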
SUGGESTION: Inconsistent link format - use GitHub URL like other plugin entries
All other plugins in the list use direct GitHub URLs (e.g., https://github.com/...), but this entry uses a relative link (./plugins/deonmenezes/mantishack). For consistency and correctness, please use the same GitHub URL as specified in plugins.json: https://github.com/deonmenezes/mantishack
Code Review Summary
Status: 1 Issues Found | Recommendation: Address before merge
Files Reviewed (4 files)
Reviewed by nemotron-3-super-120b-a12b-20230311:free · 179,082 tokens
Missing an entry in |
Summary
- `plugins/deonmenezes/mantishack/` with `.codex-plugin/plugin.json`, `.mcp.json`, and `assets/icon.svg`
- `plugins.json` record (total 86 → 87)

What is Mantis?
Autonomous bug bounty hunter for authorized engagements only. Runs a 7-phase FSM:
with parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. Generates disclosure-ready reports (Markdown, PDF, HackerOne, Bugcrowd, SARIF, OpenVEX).

Install
The bundled `.mcp.json` uses `npx -y -p mantishack mantis-mcp`, so users don't need a Rust toolchain — one command on any host with Node.js.

Preflight
- `pipx run plugin-scanner lint .` would target the bundle at `plugins/deonmenezes/mantishack/`
- `.codex-plugin/plugin.json` includes required fields: `name`, `version`, `description`, `repository`, `license`, `interface.composerIcon`
- `plugins.json` validates as JSON, alphabetical order preserved

Note
I did not edit `.agents/plugins/marketplace.json` in this PR to keep scope tight. Happy to follow up with a separate PR adding the marketplace entry if you'd like the bundle browseable via `codex plugin list --source awesome-codex-plugins`.

🤖 Generated with Claude Code
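The preflight field list above and the two metadata points from the code review, written as a small lint. This is an added example, not code from the PR, the plugin or plugin-scanner. The sample manifest is constructed (URLs and license copied from this thread, other values placeholders, nesting under `interface` assumed), and the version-pin check on the `npx` command goes beyond what the thread reviews.

```python
import json
import shlex
from urllib.parse import urlparse

# Fields the PR description lists as required in .codex-plugin/plugin.json.
REQUIRED = ("name", "version", "description", "repository", "license",
            "interface.composerIcon")
# Words expected in the file name each policy URL points at (heuristic).
POLICY_WORDS = {"privacyPolicyURL": ("privacy",),
                "termsOfServiceURL": ("terms", "tos")}
# Constructed sample: URLs and license are copied from this thread; name,
# version and description are placeholders; the "interface" nesting is assumed.
SAMPLE_MANIFEST = json.loads("""{
  "name": "placeholder", "version": "0.0.0", "description": "placeholder",
  "repository": "https://github.com/deonmenezes/mantishack",
  "license": "Apache-2.0 OR MIT",
  "interface": {
    "composerIcon": "./assets/icon.svg",
    "privacyPolicyURL": "https://github.com/deonmenezes/mantishack/blob/main/SECURITY.md",
    "termsOfServiceURL": "https://github.com/deonmenezes/mantishack/blob/main/DISCLAIMER_BOB_STYLE.md"
  }
}""")
SAMPLE_COMMAND = "npx -y -p mantishack mantis-mcp"  # as quoted in the PR text

def lookup(doc, dotted):
    """Resolve an 'a.b' path; return None when any segment is missing."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def lint_manifest(manifest):
    """Return findings for missing fields and mismatched policy links."""
    findings = [f"missing required field: {name}" for name in REQUIRED
                if lookup(manifest, name) in (None, "")]
    for field, words in POLICY_WORDS.items():
        url = lookup(manifest, f"interface.{field}")
        if isinstance(url, str):
            leaf = urlparse(url).path.rsplit("/", 1)[-1].lower()
            if not any(word in leaf for word in words):
                findings.append(f"{field}: '{leaf}' does not look like that policy")
    return findings

def unpinned_npx_packages(command):
    """Return npx -p/--package specs lacking an @version suffix."""
    args = shlex.split(command)
    specs = [b for a, b in zip(args, args[1:]) if a in ("-p", "--package")]
    # s[1:] skips the leading '@' of a scoped name such as @scope/pkg.
    return [s for s in specs if "@" not in s[1:]]
```

With `-y`, `npx` installs whatever version the registry resolves without prompting, so an unpinned package spec means the code an MCP client runs can change between sessions.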