Overview
What is Have I Been Pwned MCP Server?
A Model Context Protocol (MCP) server that integrates with the Have I Been Pwned API to check if email addresses or passwords have been compromised in data breaches. It provides tools for querying breaches, getting details, and listing all breaches.
How to use Have I Been Pwned MCP Server?
Install via Smithery or clone the repository, run npm install and npm run build, then configure the server in your MCP settings file (e.g., for Claude Desktop) with a HIBP_API_KEY environment variable. Use the tools check_email, check_password, get_breach_details, and list_all_breaches through your MCP client.
Key features of Have I Been Pwned MCP Server
- Check if an email appears in known data breaches.
- Check if a password has been exposed using k-anonymity.
- Get detailed information about a specific breach.
- List all breaches, optionally filtered by domain.
- Password checking does not require an API key.
- Privacy: only partial password hash sent to the API.
Use cases of Have I Been Pwned MCP Server
- Verifying if a user's email was part of a recent breach.
- Checking if a password has appeared in credential leaks.
- Auditing multiple accounts against known breaches.
- Investigating specific breach details for security reports.
- Integrating breach awareness into chatbot workflows.
FAQ from Have I Been Pwned MCP Server
What are the runtime requirements?
Node.js v14 or higher and npm v6 or higher. A Have I Been Pwned API key is required for most features (except password checking).
How does password checking work without sending the full password?
The server uses k-anonymity: only the first 5 characters of the SHA-1 hash of the password are sent to the API. The API returns matching hash suffixes, and the check is completed locally.
What tools does the server provide?
Four tools: check_email, check_password, get_breach_details, and list_all_breaches.
Where can I get a Have I Been Pwned API key?
Get one at haveibeenpwned.com/API/Key.
How do I configure the server with my MCP client?
In your MCP settings file (e.g., claude_desktop_config.json), add the server with the command node, path to the built index.js, and set the environment variable HIBP_API_KEY to your API key.