Back to Browse
Free
Server data from the Official MCP Registry
A Model Context Protocol (MCP) server for the Have I Been Pwned (HIBP) API
About
A Model Context Protocol (MCP) server for the Have I Been Pwned (HIBP) API
Security Report
8.0
Low Risk8.0Low RiskValid MCP server (3 strong, 8 medium validity signals). 2 known CVEs in dependencies (0 critical, 2 high severity) Package registry verified. Imported from the Official MCP Registry.
11 files analyzed · 3 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Your Have I Been Pwned API key from https://haveibeenpwned.com/API/KeyRequired
Environment variable: HIBP_API_KEY
Your HIBP API subscription plan (Pwned 1, Pwned 2, Pwned 3, Pwned 4, or Pwned 5)
Environment variable: HIBP_SUBSCRIPTION_PLAN
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-darrenjrobinson-hibp": {
"env": {
"HIBP_API_KEY": "your-hibp-api-key-here",
"HIBP_SUBSCRIPTION_PLAN": "your-hibp-subscription-plan-here"
},
"args": [
"-y",
"@darrenjrobinson/hibp-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
Have I Been Pwned MCP Server
A Model Context Protocol (MCP) server for the Have I Been Pwned (HIBP) API that allows you to query breach data using natural language.
Overview
This MCP server provides tools to interact with the Have I Been Pwned API, allowing you to:
- Check if an email address has been in a data breach
- Get details about specific breaches
- Check if a password has been exposed in known data breaches
- Check if an email address appears in pastes
Installation & Configuration
Option 1: NPM Installation (Recommended)
- Install Node.js (v22.10.0 or higher recommended)
- Get your HIBP API key from https://haveibeenpwned.com/API/Key
- Configure your MCP client (e.g., Claude Desktop ) with:
{
"mcpServers": {
"HIBP-MCP": {
"command": "npx",
"args": ["-y", "@darrenjrobinson/hibp-mcp"],
"env": {
"HIBP_API_KEY": "<your-hibp-api-key>",
"HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
}
}
}
}
Option 2: Local Development
- Clone this repository:
git clone https://github.com/darrenjrobinson/HIBP-MCP-Server.git
- Install dependencies:
cd HIBP-MCP-Server
npm install
- Build the project:
npm run build
- Configure your MCP client with:
{
"mcpServers": {
"HIBP-MCP": {
"command": "node",
"args": ["path/to/hibp-mcp/build/main.js"],
"env": {
"HIBP_API_KEY": "<your-hibp-api-key>",
"HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
}
}
}
}
Environment Variables
| Name | Description |
|---|---|
HIBP_API_KEY | Your Have I Been Pwned API key |
HIBP_SUBSCRIPTION_PLAN | Your HIBP API subscription plan (Pwned 1, Pwned 2, Pwned 3, Pwned 4, or Pwned 5) |
Usage Examples
Once configured, you can ask Claude natural language questions about data breaches. Here are some examples:
Checking Email Breaches
- "Has email address test@example.com appeared in any data breaches?"
- "What breaches contain the email address test@example.com?"
- "Show me all breaches for test@example.com"
Checking Specific Breaches
- "Tell me about the LinkedIn data breach"
- "What data was exposed in the Adobe breach?"
- "List all known data breaches"
Checking Passwords
- "Has the password 'Password123' been exposed in any breaches?"
- "Is my password 'MySecurePass2024' safe to use?"
- "Check if this password has been compromised: 'TestPass1234'"
Checking Pastes
- "Has test@example.com appeared in any pastes?"
- "Show me paste data for test@example.com"
Tools
HIBP-Breaches
Query breached accounts and breaches from the Have I Been Pwned API.
Parameters:
operation: The HIBP operation to perform (getAllBreachesForAccount, getAllBreachedSites, getBreachByName, getDataClasses)account: Email address to check for breaches (required for getAllBreachesForAccount)domain: Domain to filter breaches by (optional)name: Breach name to get details for (required for getBreachByName)includeUnverified: Whether to include unverified breaches (optional)truncateResponse: Whether to truncate the response (optional)
HIBP-Pastes
Query pastes containing account data from the Have I Been Pwned API.
Parameters:
account: Email address to check for pastes (required)
HIBP-PwnedPasswords
Check if a password has been exposed in data breaches using the Pwned Passwords API.
Parameters:
password: Password to check (will be hashed locally before sending and only the first 5 characters sent)
Security Note
Passwords checked through the HIBP-PwnedPasswords tool are never sent in plain text. They are hashed locally using SHA-1, and only the first 5 characters of the hash are sent to the API using k-anonymity.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
MIT
Author
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
411
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
56
Installs
10.0
Security
5.0
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
116.1K
Stars
16
Installs
6.0
Security
5.0
Local
mcp-creator-typescript
Freeby mcp-marketplace · Developer Tools
Scaffold, build, and publish TypeScript MCP servers to npm — conversationally
-
Stars
14
Installs
10.0
Security
5.0
Local
FinAgent
Freeby mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.
-
Stars
13
Installs
10.0
Security
No ratings yet
Local