How to Use the Have I Been Pwned MCP in OpenAI Agents SDK

Q: Where do I store my API key for the OpenAI Agents SDK setup?

Keep it in an environment variable named HIBPAPIKEY. Never hardcode it in your agent scripts.

Plug the Have I Been Pwned MCP Server into your OpenAI Agents SDK build to catch leaked credentials before they hit your production environment.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Have I Been Pwned MCP to OpenAI Agents SDK

Create your Vinkius account to connect Have I Been Pwned to OpenAI Agents SDK and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Have I Been Pwned with OpenAI Agents SDK

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Verify password strength with k-anonymity

Your agent uses `check_password_safety` to run a local hash against the HIBP database without ever sending the raw password over the wire. This keeps your user data private while the agent validates security against known breaches. Since this happens within the OpenAI Agents SDK pipeline, your guardrails catch weak credentials immediately. It turns a manual security audit into a zero-latency automated check.

Track account exposure in real-time

The `search_account_breaches` tool lets your agent scan for compromised identities as they move through your system. It flags accounts that show up in recent data dumps, allowing for instant incident response. By integrating this into your SDK logic, you build a closed-loop monitoring system. The agent identifies the breach and triggers the necessary rotation protocol without human intervention.

Audit public paste activity

Use `search_account_pastes` to see if sensitive internal emails are floating around in public plain-text dumps. It pulls data directly from Pastebin-style sites to check for leaks. This adds a layer of intelligence to your OpenAI Agents SDK setup. You get eyes on data that usually stays hidden until it is too late to stop the damage.

Setup guide

Set up Have I Been Pwned MCP in OpenAI Agents SDK

Prerequisites

Python 3.10+ installed
openai-agents package (pip install openai-agents)
Active Vinkius subscription with a valid endpoint token

1

Install the SDK

Run pip install openai-agents to install the OpenAI Agents SDK. The MCP integration is built-in — no extra dependencies needed.
2

Connect via SSE transport

Use MCPServerSse with your Vinkius endpoint URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. The SDK auto-discovers all Have I Been Pwned tools at runtime.
3

Create your Agent

Pass the MCP to Agent(mcp_servers=[server]). The agent receives Have I Been Pwned tools as native definitions — JSON schemas resolve automatically.
4

Run the agent

Call Runner.run(agent, prompt) to execute. The agent invokes the appropriate Have I Been Pwned tools and returns structured results. Copy the full example on the right to get started.

agent.py

import asyncio
from agents import Agent, Runner
from agents.mcp import MCPServerSse

async def main():
    async with MCPServerSse(
        url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    ) as server:
        agent = Agent(
            name="Have I Been Pwned Agent",
            instructions="You have access to Have I Been Pwned tools.",
            mcp_servers=[server],
        )
        result = await Runner.run(agent, "List recent transactions")
        print(result.final_output)

asyncio.run(main())

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Have I Been Pwned. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Have I Been Pwned now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Have I Been Pwned MCP in OpenAI Agents SDK

It adds negligible overhead. The server communicates via HTTP, and by setting cacheToolsList=True, your agent keeps the tool definitions ready for instant execution.

Yes. You can write a loop in your agent that iterates through your user list, passing each email to `search_account_breaches` to flag compromised records.

You need to manage your own retry logic. If the server returns a 429 status code, your agent code should implement a backoff strategy to respect the API constraints.

It touches breach names, account emails, and password hash prefixes. No private PII is stored locally by the server itself.

Keep it in an environment variable named HIBP_API_KEY. Never hardcode it in your agent scripts.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python