Connects Claude to the Have I Been Pwned API so you can check breach exposure through natural conversation. Exposes four main operations: checking if an email appears in breaches, getting details on specific breaches, validating passwords against known compromises using k-anonymity hashing, and searching for email addresses in pastes. Requires an HIBP API key and subscription plan configuration. Password checks are handled securely by hashing locally and only sending the first five hash characters to the API. Useful when you need to audit accounts, investigate security incidents, or validate credentials without leaving your Claude workflow. Built by Darren J Robinson with full TypeScript support and available via npx for quick setup.
claude mcp add --transport stdio io.github.darrenjrobinson-hibp uvx hibp