How to Use the Have I Been Pwned MCP in CrewAI

Q: How do I connect Have I Been Pwned to CrewAI?

Install crewaitools and pass the server URL directly into your agent's mcps array. For advanced setups, use MCPServerHTTP from crewai.mcp to filter specific tools.

Q: How do I restrict which agents can check passwords?

Use the toolfilter parameter when configuring the server. You expose the password checking tool only to your security agent, keeping it isolated from your general research agents.

Deploy autonomous security teams in CrewAI. Let specialized agents hunt for compromised credentials and analyze breach data.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Have I Been Pwned MCP to CrewAI

Create your Vinkius account to connect Have I Been Pwned to CrewAI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Have I Been Pwned with CrewAI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Coordinate Breach Investigations

The `search_account_breaches` tool locates compromised accounts tied to a specific email. You assign this tool to a Recon Agent. It scans your employee directory and compiles a list of exposed identities. The Recon Agent passes its findings through shared memory to an Analysis Agent. This second agent uses the `get_breach_details` tool to pull the exact data classes lost in each incident. The crew works sequentially to build a complete threat profile without a human typing a single command.

Audit Credentials with CrewAI Agents

The `check_password_safety` tool tests password hashes against known historical leaks. It uses a k-anonymity search to find matches. You give this capability to an Auditor Agent tasked with reviewing default system passwords. The agent generates the SHA-1 hashes, extracts the prefixes, and queries the MCP Server. If it finds a match, a Moderator Agent takes over. The moderator forces a password rotation on the affected system and logs the incident in your security dashboard.

Monitor Global Data Dumps

The `list_all_breaches` tool retrieves the entire database of known security incidents. A Threat Intel Agent polls this endpoint daily. It compares the latest entries against your company's vendor list. Simultaneously, a Paste Hunter Agent runs the `search_account_pastes` tool against your executive team's emails. If hackers dump corporate credentials on a public text site, the crew detects it. They draft an alert and escalate it to your incident response team automatically.

Setup guide

Set up Have I Been Pwned MCP in CrewAI

Prerequisites

Python 3.10+ installed
crewai package (pip install crewai)
Active Vinkius subscription with a valid endpoint token

1

Install CrewAI
Run pip install crewai to install the framework. MCP support is built-in via the mcps parameter.
2

Add the MCP URL to your agent
Pass your Vinkius endpoint directly to the mcps list. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. CrewAI handles tool discovery and caching automatically.
3

Kick off your crew
Create a Crew with your agent and tasks. Call crew.kickoff() — the agent will automatically invoke Have I Been Pwned tools as needed.

crew.py

from crewai import Agent, Task, Crew

agent = Agent(
    role="Have I Been Pwned Analyst",
    goal="Access and analyze Have I Been Pwned data via MCP.",
    backstory="Expert analyst with direct Have I Been Pwned access.",
    mcps=[
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    ],
)

task = Task(
    description="List recent Have I Been Pwned transactions",
    agent=agent,
    expected_output="A summary of recent activity",
)

crew = Crew(agents=[agent], tasks=[task])
result = crew.kickoff()
print(result)

Get your connection token →

Prerequisites

Python 3.10+ installed
crewai + crewai-tools packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install crewai crewai-tools. The MCPServerAdapter handles lifecycle management and tool conversion.
2

Connect with MCPServerAdapter
Use MCPServerAdapter as a context manager with SseServerParameters pointing to your Vinkius endpoint. The adapter automatically manages connection lifecycle.
3

Assign tools and run
Pass the returned mcp_tools to your agent's tools parameter. The adapter converts MCP tools to native BaseTool objects compatible with all CrewAI agents.

crew.py

from crewai import Agent, Task, Crew
from crewai_tools import MCPServerAdapter
from mcp import SseServerParameters

server_params = SseServerParameters(
    url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)

with MCPServerAdapter(server_params) as mcp_tools:
    agent = Agent(
        role="Have I Been Pwned Analyst",
        goal="Access and analyze Have I Been Pwned data via MCP.",
        backstory="Expert analyst with direct Have I Been Pwned access.",
        tools=mcp_tools,
    )

    task = Task(
        description="List recent Have I Been Pwned transactions",
        agent=agent,
        expected_output="A summary of recent activity",
    )

    crew = Crew(agents=[agent], tasks=[task])
    result = crew.kickoff()
    print(result)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Have I Been Pwned. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Have I Been Pwned now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Have I Been Pwned MCP in CrewAI

Install crewai[tools] and pass the server URL directly into your agent's mcps array. For advanced setups, use MCPServerHTTP from crewai.mcp to filter specific tools.

Yes. One agent fetches the raw breach names, and another agent queries the details endpoint. They share this context in memory to draft a complete incident report.

It works perfectly. A manager agent delegates the scanning tasks to worker agents. The workers execute the MCP Server tools and report their findings back up the chain.

Use the tool_filter parameter when configuring the server. You expose the password checking tool only to your security agent, keeping it isolated from your general research agents.

No. The underlying architecture relies on k-anonymity. The agent calculates a SHA-1 hash of the password and transmits only the first five characters. The API never receives the actual secret.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript