check_password
ActiveTool of mcp-hibp
Check whether a password appears in known breach corpora. Uses k-anonymity: the password is SHA-1ed locally, only the first 5 hex chars leave the worker, and the response is filtered to match the rest. Returns pwned count (0 = not seen). The password itself is never transmitted.
Parameters schema
{
"type": "object",
"examples": [
{
"password": "correct-horse-battery-staple"
},
{
"password": "MyP@ssw0rd123"
}
],
"required": [
"password"
],
"properties": {
"password": {
"type": "string",
"description": "Password to check (stays inside the worker)"
}
}
}No endpoints wrapped at confidence ≥ 0.50.
Parent server
mcp-hibp
https://github.com/pipeworx-io/mcp-hibp
2/7 registries