by aashari
Node.js/TypeScript MCP server for Atlassian Bitbucket. Enables AI systems (LLMs) to interact with workspaces, repositories, and pull requests via tools (list, get, comment, search). Connects AI directly to version control workflows through the standard MCP interface.
# Add to your Claude Code skills
git clone https://github.com/aashari/mcp-server-atlassian-bitbucketGuides for using mcp servers skills like mcp-server-atlassian-bitbucket.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@actions/http-client: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "express-rate-limit: express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "handlebars: Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "hono: Hono added timing comparison hardening in basicAuth and bearerAuth",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash-es: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "npm: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"severity": "high"
}
],
"status": "FAILED",
"scannedAt": "2026-05-30T16:06:02.840Z",
"npmAuditRan": true,
"pipAuditRan": true
}mcp-server-atlassian-bitbucket is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by aashari. Node.js/TypeScript MCP server for Atlassian Bitbucket. Enables AI systems (LLMs) to interact with workspaces, repositories, and pull requests via tools (list, get, comment, search). Connects AI directly to version control workflows through the standard MCP interface. It has 157 GitHub stars.
mcp-server-atlassian-bitbucket failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/aashari/mcp-server-atlassian-bitbucket" and add it to your Claude Code skills directory (see the Installation section above).
mcp-server-atlassian-bitbucket is primarily written in TypeScript. It is open-source under aashari on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh mcp-server-atlassian-bitbucket against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Transform how you work with Bitbucket by connecting Claude, Cursor AI, and other AI assistants directly to your repositories, pull requests, and code. Get instant insights, automate code reviews, and streamline your development workflow.
Get up and running in 2 minutes:
IMPORTANT: Bitbucket App Passwords are being deprecated and will be removed by June 2026. We recommend using Scoped API Tokens for new setups.
Bitbucket is deprecating app passwords. Use the new scoped API tokens instead:
repository, workspacerepository, workspace, pullrequestATATT)Generate a Bitbucket App Password (legacy method):
# Set your credentials (choose one method)
# Method 1: Scoped API Token (recommended - future-proof)
export ATLASSIAN_USER_EMAIL="your.email@company.com"
export ATLASSIAN_API_TOKEN="your_scoped_api_token" # Token starting with ATATT
# OR Method 2: Legacy App Password (will be deprecated June 2026)
export ATLASSIAN_BITBUCKET_USERNAME="your_username"
export ATLASSIAN_BITBUCKET_APP_PASSWORD="your_app_password"
# List your workspaces
npx -y @aashari/mcp-server-atlassian-bitbucket get --path "/workspaces"
# List repositories in a workspace
npx -y @aashari/mcp-server-atlassian-bitbucket get --path "/repositories/your-workspace"
# Get pull requests for a repository
npx -y @aashari/mcp-server-atlassian-bitbucket get --path "/repositories/your-workspace/your-repo/pullrequests"
# Get repository details with JMESPath filtering
npx -y @aashari/mcp-server-atlassian-bitbucket get --path "/repositories/your-workspace/your-repo" --jq "{name: name, language: language}"
Add this to your Claude configuration file (~/.claude/claude_desktop_config.json):
Option 1: Scoped API Token (recommended - future-proof)
{
"mcpServers": {
"bitbucket": {
"command": "npx",
"args": ["-y", "@aashari/mcp-server-atlassian-bitbucket"],
"env": {
"ATLASSIAN_USER_EMAIL": "your.email@company.com",
"ATLASSIAN_API_TOKEN": "your_scoped_api_token"
}
}
}
}
Option 2: Legacy App Password (will be deprecated June 2026)
{
"mcpServers": {
"bitbucket": {
"command": "npx",
"args": ["-y", "@aashari/mcp-server-atlassian-bitbucket"],
"env": {
"ATLASSIAN_BITBUCKET_USERNAME": "your_username",
"ATLASSIAN_BITBUCKET_APP_PASSWORD": "your_app_password"
}
}
}
}
Restart Claude Desktop, and you'll see the bitbucket server in the status bar.
Most AI assistants support MCP. You can either:
Option 1: Use npx (recommended - always latest version):
Configure your AI assistant to run: npx -y @aashari/mcp-server-atlassian-bitbucket
Option 2: Install globally:
npm install -g @aashari/mcp-server-atlassian-bitbucket
Then configure your AI assistant to use the MCP server with STDIO transport.
Supported AI assistants:
Create ~/.mcp/configs.json for system-wide configuration:
Option 1: Scoped API Token (recommended - future-proof)
{
"bitbucket": {
"environments": {
"ATLASSIAN_USER_EMAIL": "your.email@company.com",
"ATLASSIAN_API_TOKEN": "your_scoped_api_token",
"BITBUCKET_DEFAULT_WORKSPACE": "your_main_workspace"
}
}
}
Option 2: Legacy App Password (will be deprecated June 2026)
{
"bitbucket": {
"environments": {
"ATLASSIAN_BITBUCKET_USERNAME": "your_username",
"ATLASSIAN_BITBUCKET_APP_PASSWORD": "your_app_password",
"BITBUCKET_DEFAULT_WORKSPACE": "your_main_workspace"
}
}
}
Alternative config keys: The system also accepts "atlassian-bitbucket", "@aashari/mcp-server-atlassian-bitbucket", or "mcp-server-atlassian-bitbucket" instead of "bitbucket".
This MCP server provides 6 generic tools that can access any Bitbucket API endpoint:
| Tool | Description | Parameters |
|---|---|---|
bb_get |
GET any Bitbucket API endpoint (read data) | path, queryParams?, jq?, outputFormat? |
bb_post |
POST to any endpoint (create resources) | path, body, queryParams?, jq?, outputFormat? |
bb_put |
PUT to any endpoint (replace resources) | path, body, queryParams?, jq?, outputFormat? |
bb_patch |
PATCH any endpoint (partial updates) | path, body, queryParams?, jq?, outputFormat? |
bb_delete |
DELETE any endpoint (remove resources) | path, queryParams?, jq?, outputFormat? |
bb_clone |
Clone a repository locally | workspaceSlug?, repoSlug, targetPath |
All API tools support these common parameters:
path (required): API endpoint path starting with / (the /2.0 prefix is added automatically)queryParams (optional): Key-value pairs for query parameters (e.g., {"pagelen": "25", "page": "2"})jq (optional): JMESPath expression to filter/transform the response - highly recommended to reduce token costsoutputFormat (optional): "toon" (default, 30-60% fewer tokens) or "json"body (required for POST/PUT/PATCH): Request body as JSON objectAll paths automatically have /2.0 prepended. Full Bitbucket Cloud REST API 2.0 reference: https://developer.atlassian.com/cloud/bitbucket/rest/
Workspaces & Repositories:
/workspaces - List all workspaces/repositories/{workspace} - List repos in workspace/repositories/{workspace}/{repo} - Get repo details/repositories/{workspace}/{repo}/refs/branches - List branches/repositories/{workspace}/{repo}/refs/branches/{branch_name} - Get/delete branch/repositories/{workspace}/{repo}/commits - List commits/repositories/{workspace}/{repo}/commits/{commit} - Get commit details/repositories/{workspace}/{repo}/src/{commit}/{filepath} - Get file contentPull Requests:
/repositories/{workspace}/{repo}/pullrequests - List PRs (GET) or create PR (POST)/repositories/{workspace}/{repo}/pullrequests/{id} - Get/update/delete PR/repositories/{workspace}/{repo}/pullrequests/{id}/diff - Get PR diff/repositories/{workspace}/{repo}/pullrequests/{id}/comments - List/add PR comments/repositories/{workspace}/{repo}/pullrequests/{id}/approve - Approve PR (POST) or remove approval (DELETE)/repositories/{workspace}/{repo}/pullrequests/{id}/request-changes - Request changes (POST)/repositories/{workspace}/{repo}/pullrequests/{id}/merge - Merge PR (POST)/repositories/{workspace}/{repo}/pullrequests/{id}/decline - Decline PR (POST)Comparisons:
/repositories/{workspace}/{repo}/diff/{source}..{destination} - Compare branches/commitsOther Resources:
/repositories/{workspace}/{repo}/issues - List/manage issues/repositories/{workspace}/{repo}/downloads - List/manage downloads/repositories/{workspace}/{repo}/pipelines - Access Bitbucket Pipelines/repositories/{workspace}/{repo}/deployments - View deploymentsWhat is TOON? Token-Oriented Object Notation is a format optimized for LLMs that reduces token consumption by 30-60% compared to JSON. It uses tabular arrays and minimal syntax while preserving all data.
Default behavior: All tools return TOON format by default. You can override this with outputFormat: "json" if needed.
Example comparison:
JSON (verbose):
{
"values": [
{"name": "repo1", "slug": "repo-1"},
{