How to Use the Have I Been Pwned MCP in Mastra AI

Build resilient credential monitoring workflows in Mastra AI. Automate breach detection with exponential backoff and conditional branching.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Have I Been Pwned MCP to Mastra AI

Create your Vinkius account to connect Have I Been Pwned to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Have I Been Pwned with Mastra AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automate Breach Detection with Mastra AI

The `search_account_breaches` tool queries the database for any known leaks tied to a target email. Your agent feeds this data into a conditional workflow. If the tool returns empty, the workflow terminates. If it finds a match, the agent triggers an escalation path. You chain this with `get_breach_details` to analyze the severity of the exposure. Mastra handles the API rate limits automatically. If the MCP Server hits a 429 Too Many Requests error, the built-in engine applies exponential backoff and retries the check without breaking the pipeline.

Reject Compromised Credentials

The `check_password_safety` tool verifies if a specific password hash exists in historical data dumps. It relies on a k-anonymity model. The agent checks the hash prefix against the API and evaluates the response count. You deploy this inside a human-in-the-loop workflow using Mastra's requireToolApproval feature. If an executive tries to set a password with a high breach count, the agent pauses. It alerts an admin to approve or reject the action, stopping weak credentials from entering your production systems.

Track Public Pastes and Leaks

The `list_all_breaches` tool pulls the complete catalog of recorded data dumps. Your agent parses this list to identify new threats in your industry. Meanwhile, the `search_account_pastes` tool hunts for specific employee emails on public text-sharing sites. These tools feed a nightly monitoring job. You deploy the Mastra workflow to your cloud provider with one command. The agent runs the checks, formats a threat report, and opens a Jira ticket if it finds a new exposure.

Setup guide

Set up Have I Been Pwned MCP in Mastra AI

Prerequisites

Node.js 18+ and a TypeScript project
@mastra/mcp + @mastra/core packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).
2

Configure the MCPClient
Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Discover and inject tools
Call mcpClient.listTools() and spread the result into your agent's tools object. All Have I Been Pwned tools become native Mastra tools.
4

Run with any model
Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts

import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "have-i-been-pwned-mcp-client",
  servers: {
    "have-i-been-pwned-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "Have I Been Pwned Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to Have I Been Pwned tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent Have I Been Pwned transactions"
);
console.log(result.text);

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Have I Been Pwned. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Have I Been Pwned now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Have I Been Pwned MCP in Mastra AI

Install @mastra/mcp@latest and initialize a new MCPClient. Pass the server URL in your configuration. Call mcpClient.listTools() and spread the results into your agent's tool array.

Yes. Mastra has built-in retry logic with exponential backoff. If the API returns a 429 status, the workflow pauses and tries again automatically.

You configure that yourself. Use the requireToolApproval setting on the MCP Server tools if you want an admin to review password reset triggers before they execute.

The framework auto-detects your connection type. It supports both Streamable HTTP and Server-Sent Events (SSE) out of the box.

The agent transmits the raw email string to the API to find matching breaches or pastes. The external service logs these requests for abuse prevention, so you should only query addresses you have authorization to monitor.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript