Can I use Have I Been Pwned as a CLI?

Yes. KosmoKrator exposes a Have I Been Pwned CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Have I Been Pwned through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Have I Been Pwned tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Have I Been Pwned credentials stored?

Have I Been Pwned credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Have I Been Pwned MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

data

Have I Been Pwned CLI for AI Agents

Use the Have I Been Pwned CLI from KosmoKrator to call Have I Been Pwned tools headlessly, return JSON, inspect schemas, and automate workflows from coding agents, scripts, and CI.

Have I Been Pwned CLI Setup

Have I Been Pwned can be configured headlessly with `kosmokrator integrations:configure have-i-been-pwned`.

Install, configure, and verify

# Install KosmoKrator first if it is not available on PATH.
curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bash

# Configure and verify this integration.
kosmokrator integrations:configure have-i-been-pwned --enable --read allow --write ask --json
kosmokrator integrations:doctor have-i-been-pwned --json
kosmokrator integrations:status --json

Credentials

Authentication type: API key api_key. Configure credentials once, then reuse the same stored profile from scripts, coding CLIs, Lua, and MCP.

Key	Env var	Type	Required	Label
`api_key`	`HAVE_I_BEEN_PWNED_API_KEY`	Secret `secret`	no	API Key

Command Patterns

The generic command is stable across every integration. The provider shortcut is shorter for humans.

Generic CLI call

kosmo integrations:call have-i-been-pwned.hibp_breached_account '{}' --json

Provider shortcut

kosmo integrations:have-i-been-pwned hibp_breached_account '{}' --json

Discovery

These commands return structured output for coding agents that need to inspect capabilities before choosing a function.

Discovery commands

kosmo integrations:docs have-i-been-pwned --json
kosmo integrations:docs have-i-been-pwned.hibp_breached_account --json
kosmo integrations:schema have-i-been-pwned.hibp_breached_account --json
kosmo integrations:search "Have I Been Pwned" --json
kosmo integrations:list --json

Automation Contexts

The same configured command surface works in these environments. The command does not change unless the host wrapper, credentials, or permissions change.

CI Run integration calls from CI jobs with JSON output, explicit credentials, and predictable exit status. Cron Jobs Schedule repeatable integration workflows from cron while keeping credentials in KosmoKrator config. Shell Scripts Call integration functions from shell scripts with stable JSON input and output. Headless Automation Use KosmoKrator as a non-interactive integration runtime for local automations and wrappers. Coding Agents Let coding agents discover schemas and execute integration functions through CLI commands or MCP.

CLI Functions

Every function below can be called headlessly. Commands are highlighted, copyable, and scroll horizontally when payloads are long.

`have-i-been-pwned.hibp_breached_account`

List breaches for an email address.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_breached_account '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_breached_account '{}' --json

`have-i-been-pwned.hibp_breached_account_range`

List email hash suffixes and affected sites for an account hash prefix.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_breached_account_range '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_breached_account_range '{}' --json

`have-i-been-pwned.hibp_breaches`

List breach catalogue entries.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_breaches '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_breaches '{}' --json

`have-i-been-pwned.hibp_breach_by_name`

Retrieve one breach by system name.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_breach_by_name '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_breach_by_name '{}' --json

`have-i-been-pwned.hibp_latest_breach`

Retrieve the most recently added breach.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_latest_breach '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_latest_breach '{}' --json

`have-i-been-pwned.hibp_data_classes`

List all breach data classes.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_data_classes '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_data_classes '{}' --json

`have-i-been-pwned.hibp_paste_account`

List pastes for an email address.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_paste_account '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_paste_account '{}' --json

`have-i-been-pwned.hibp_breached_domain`

List breached accounts for a verified domain.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_breached_domain '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_breached_domain '{}' --json

`have-i-been-pwned.hibp_subscribed_domains`

List domains tied to the API-key subscription.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_subscribed_domains '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_subscribed_domains '{}' --json

`have-i-been-pwned.hibp_generate_dns_token`

Generate a DNS ownership-verification token.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_generate_dns_token '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_generate_dns_token '{}' --json

`have-i-been-pwned.hibp_verify_dns_token`

Verify a domain DNS token with HIBP.

Write write

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_verify_dns_token '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_verify_dns_token '{}' --json

`have-i-been-pwned.hibp_send_domain_verification_email`

Send an HIBP domain verification email.

Write write

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_send_domain_verification_email '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_send_domain_verification_email '{}' --json

`have-i-been-pwned.hibp_stealer_logs_by_email`

Check stealer logs by email address.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_stealer_logs_by_email '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_stealer_logs_by_email '{}' --json

`have-i-been-pwned.hibp_stealer_logs_by_website_domain`

Check stealer logs by compromised website domain.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_stealer_logs_by_website_domain '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_stealer_logs_by_website_domain '{}' --json

`have-i-been-pwned.hibp_stealer_logs_by_email_domain`

Check stealer logs by email address domain.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_stealer_logs_by_email_domain '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_stealer_logs_by_email_domain '{}' --json

`have-i-been-pwned.hibp_subscription_status`

Retrieve subscription status for the API key.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_subscription_status '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_subscription_status '{}' --json

`have-i-been-pwned.hibp_pwned_password_range`

Query Pwned Passwords by hash prefix.

Read read

Parameters: none

Generic call

kosmo integrations:call have-i-been-pwned.hibp_pwned_password_range '{}' --json

Shortcut

kosmo integrations:have-i-been-pwned hibp_pwned_password_range '{}' --json

Function Schemas

Use these parameter tables when building CLI payloads without calling integrations:schema first.

have-i-been-pwned.hibp_breached_account 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_breached_account --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_breached_account_range 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_breached_account_range --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_breaches 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_breaches --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_breach_by_name 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_breach_by_name --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_latest_breach 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_latest_breach --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_data_classes 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_data_classes --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_paste_account 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_paste_account --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_breached_domain 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_breached_domain --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_subscribed_domains 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_subscribed_domains --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_generate_dns_token 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_generate_dns_token --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_verify_dns_token 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_verify_dns_token --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_send_domain_verification_email 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_send_domain_verification_email --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_stealer_logs_by_email 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_stealer_logs_by_email --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_stealer_logs_by_website_domain 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_stealer_logs_by_website_domain --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_stealer_logs_by_email_domain 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_stealer_logs_by_email_domain --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_subscription_status 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_subscription_status --json

Parameter	Type	Required	Description
No parameters.

have-i-been-pwned.hibp_pwned_password_range 0 parameters

Schema command

kosmo integrations:schema have-i-been-pwned.hibp_pwned_password_range --json

Parameter	Type	Required	Description
No parameters.

Permissions

Headless calls still follow the integration read/write permission policy. Configure read/write defaults with integrations:configure. Add --force only for trusted automation that should bypass that policy.