MCP.so
Sign In

Overview

What is Have I Been Pwned MCP Server?

A Model Context Protocol server that integrates with the Have I Been Pwned API to check if email addresses or passwords have been compromised in data breaches. It provides four tools for querying breach data.

How to use Have I Been Pwned MCP Server?

Install via Smithery or clone the repository, install dependencies, build, and configure the server in your MCP settings file with your HIBP_API_KEY environment variable. Once configured, use Claude or another MCP client to invoke the tools: check_email, check_password, get_breach_details, or list_all_breaches.

Key features of Have I Been Pwned MCP Server

  • Check if an email appears in known data breaches
  • Check if a password has been exposed (using k‑anonymity)
  • Get detailed information about a specific data breach
  • List all breaches, optionally filtered by domain

Use cases of Have I Been Pwned MCP Server

  • Security audits: verify if user accounts are compromised
  • Password hygiene: test passwords without revealing them fully
  • Incident response: investigate a specific breach’s scope
  • Domain monitoring: list breaches affecting a particular company

FAQ from Have I Been Pwned MCP Server

What API does the server use?

It uses the official Have I Been Pwned API. You need a valid API key, obtainable at haveibeenpwned.com/API/Key.

How is password checking secure?

The password check employs k‑anonymity: only the first 5 characters of the SHA‑1 hash are sent to the API. Hash suffix matching is completed locally.

What are the runtime requirements?

Node.js v14 or higher and npm v6 or higher are required. The server expects a HIBP_API_KEY environment variable.

Which tools are available?

Four tools: check_email, check_password, get_breach_details, and list_all_breaches.

Where is the API key configured?

In your MCP settings JSON file, add the key as an environment variable named HIBP_API_KEY.

Tags

More from Other