Add Mantis (autonomous bug bounty hunter) to Tools & Integrations

README.md

@@ -199,6 +199,7 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [KiCad Happy](https://github.com/aklofas/kicad-happy) - KiCad EDA skills for schematic analysis, PCB layout review, component sourcing, BOM management, and manufacturing preparation.
 - [Langfuse Observability](https://github.com/avivsinai/langfuse-mcp) - Query traces, debug exceptions, analyze sessions, and manage prompts via MCP tools.
 - [Launch Fast](https://github.com/BlockchainHB/launchfast_codex_plugin) - Official Launch Fast plugin adapter for rapid SaaS deployment.
+- [Mantis](./plugins/deonmenezes/mantishack) - Autonomous bug bounty hunter for authorized engagements — 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs.
 - [Mobazha](https://github.com/mobazha/mobazha-skills) - Decentralized e-commerce skills — deploy self-hosted stores, import products from Shopify/Amazon, configure custom domains and Telegram bots, set up Tor privacy, and manage your store via MCP.
 - [MorningAI](https://github.com/octo-patch/MorningAI) - AI news tracking skill that monitors 80+ entities across 6 sources (Reddit, HN, GitHub, Hugging Face, arXiv, X) and generates scored daily reports with infographics and message digests.
 - [Nullcost](https://github.com/johnvouros/nullcost-plugin) - Catalog-backed free-tier, free-trial, and cheap developer-tool recommendations for Codex through bundled skills and MCP tools.

plugins.json

@@ -3,7 +3,7 @@
   "name": "awesome-codex-plugins",
   "version": "1.0.0",
   "last_updated": "2026-05-23",
-  "total": 86,
+  "total": 87,
   "categories": [
     "Development & Workflow",
     "Tools & Integrations"
@@ -679,6 +679,16 @@
       "source": "awesome-codex-plugins",
       "install_url": "https://raw.githubusercontent.com/BlockchainHB/launchfast_codex_plugin/HEAD/plugins/launchfast/.codex-plugin/plugin.json"
     },
+    {
+      "name": "Mantis",
+      "url": "https://github.com/deonmenezes/mantishack",
+      "owner": "deonmenezes",
+      "repo": "mantishack",
+      "description": "Autonomous bug bounty hunter for authorized engagements — 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs.",
+      "category": "Tools & Integrations",
+      "source": "awesome-codex-plugins",
+      "install_url": "https://raw.githubusercontent.com/hashgraph-online/awesome-codex-plugins/HEAD/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json"
+    },
     {
       "name": "Mobazha",
       "url": "https://github.com/mobazha/mobazha-skills",

plugins/deonmenezes/mantishack/.codex-plugin/plugin.json

@@ -0,0 +1,44 @@
+{
+  "name": "mantis",
+  "version": "0.1.0",
+  "description": "Mantis offensive-security daemon — autonomous bug bounty hunter with 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. Use only against assets you own or have explicit written authorization to test.",
+  "author": {
+    "name": "Deon Menezes",
+    "url": "https://github.com/deonmenezes"
+  },
+  "homepage": "https://mantishack.com",
+  "repository": "https://github.com/deonmenezes/mantishack",
+  "license": "Apache-2.0 OR MIT",
+  "keywords": [
+    "security",
+    "pentest",
+    "bug-bounty",
+    "offensive-security",
+    "vulnerability-scanner",
+    "mcp"
+  ],
+  "mcpServers": "./.mcp.json",
+  "interface": {
+    "displayName": "Mantis",
+    "shortDescription": "Autonomous bug bounty hunting for authorized engagements.",
+    "longDescription": "Mantis runs a 7-phase finite-state machine — RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT — with parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. Generates disclosure-ready reports in Markdown, PDF, HackerOne, Bugcrowd, SARIF, and OpenVEX formats. AUTHORIZED USE ONLY — never run against assets you do not own or have explicit written authorization to test.",
+    "developerName": "Deon Menezes",
+    "category": "Security",
+    "capabilities": [
+      "Interactive",
+      "MCP",
+      "Security"
+    ],
+    "composerIcon": "./assets/icon.svg",
+    "logo": "./assets/icon.svg",
+    "websiteURL": "https://mantishack.com",
+    "privacyPolicyURL": "https://github.com/deonmenezes/mantishack/blob/main/SECURITY.md",
+    "termsOfServiceURL": "https://github.com/deonmenezes/mantishack/blob/main/DISCLAIMER_BOB_STYLE.md",
+    "defaultPrompt": [
+      "Start a Mantis hunt for example.com",
+      "Show Mantis status for the latest run",
+      "Generate a disclosure-ready report for the latest finding"
+    ],
+    "brandColor": "#0F1419"
+  }
+}

plugins/deonmenezes/mantishack/.mcp.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "mantis": {
+      "command": "npx",
+      "args": ["-y", "-p", "mantishack", "mantis-mcp"]
+    }
+  }
+}