MCP server exposing 6 tools for hibp.
This URL is a JSON-RPC 2.0 endpoint over HTTP. Issue POST requests with a JSON-RPC body. Browsers and search crawlers land here on GET.
POST https://gateway.pipeworx.io/hibp/mcp
Content-Type: application/json
{"jsonrpc":"2.0","id":1,"method":"tools/list"}check_password — Check whether a password appears in known breach corpora. Uses k-anonymity: the password is SHA-1ed locally, only the first 5 hex chars leave the worker, and the response is filtered to match the rest. Returns pwned count (0 = not seen). The password itself is never transmitted.check_password_prefix — Direct k-anonymity lookup: pass the first 5 hex chars of a SHA-1 password hash, get back all SHA-1 suffixes with their pwned counts. Use this if you're hashing client-side and only want to send the prefix.list_breaches — List all publicly-known data breaches catalogued by HIBP. Optionally filter to a specific domain (e.g., "linkedin.com"). Returns name, title, breach date, added date, affected accounts, description, data classes exposed, and verification status.get_breach — Fetch a single breach by name (the "Name" field from list_breaches, e.g., "Adobe", "LinkedIn"). Returns full breach metadata.list_data_classes — Canonical list of HIBP "data class" tags (e.g., "Email addresses", "Passwords", "Geographic locations"). Useful for filtering breaches.check_account — Look up breaches an email account has been seen in. REQUIRES a paid HIBP subscription key (pass _apiKey). Returns the set of breach names; combine with get_breach for details.Code samples (curl / TypeScript / one-click client install), schemas, and the live playground are on the pack page:
https://pipeworx.io/packs/hibp/
Pipeworx is an open MCP gateway connecting AI agents to live data. pipeworx.io