How to Use the Have I Been Pwned MCP in Windsurf
Stop guessing if your credentials leaked. Let Windsurf use this MCP Server to audit your security posture in real-time.
Works with every AI agent you already use
…and any MCP-compatible client
Connect Have I Been Pwned MCP to Windsurf
Create your Vinkius account to connect Have I Been Pwned to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.
Automated breach discovery for Windsurf
Cascade doesn't wait for a prompt to check your exposure. It uses `search_account_breaches` to scan your project-related emails against known leaks, identifying risks before they hit production. This MCP Server provides the data, and Cascade handles the analysis. It flags compromised accounts instantly so you can rotate credentials without breaking your flow.
Zero-knowledge password audits
Never expose your raw passwords to the wire. This server implements `check_password_safety` using k-anonymity, ensuring your secrets stay local while Cascade verifies their strength. Windsurf chains this tool to audit your environment variables. It detects weak or leaked strings, giving you an immediate report on what needs changing.
Contextual paste monitoring
Public pastes are often the first place leaked data appears. Cascade uses `search_account_pastes` to monitor for your development accounts, catching exposure before it becomes a full-blown incident. By hooking into this MCP Server, Windsurf keeps a watchful eye on your digital footprint. It turns a manual security chore into a background task that runs while you code.
Set up Have I Been Pwned MCP in Windsurf
Prerequisites
- Windsurf IDE installed (macOS, Windows, or Linux)
- Active Vinkius subscription with a valid endpoint token
- 1
Open MCP configuration
Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open
~/.codeium/windsurf/mcp_config.json. - 2
Add the Have I Been Pwned MCP
Paste the JSON snippet shown on the right into the
mcpServersobject. Replace[YOUR_TOKEN_HERE]with your endpoint token from cloud.vinkius.com. - 3
Refresh MCPs
Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
- 4
Verify in Cascade
Start a new Cascade conversation and ask something like "Show my Have I Been Pwned payment history." If connected, Cascade will call the Have I Been Pwned tools directly. You will see a green dot next to the server name in the MCP panel.
{
"mcpServers": {
"have-i-been-pwned-mcp": {
"url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}
}
}Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Have I Been Pwned. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
Why Choose Vinkius
Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.
Real-time monitoring
Live
visibility into every interaction
Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.
Built-in savings
60%
lower AI costs
Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.
Single dashboard
One
place for every integration
Every tool your AI connects to, managed from a single screen. One account, complete control.
Common questions about Have I Been Pwned MCP in Windsurf
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
Start using the Have I Been Pwned MCP today
We host it, we monitor it, we maintain it. You just paste one token.
