我被黑了吗 MCP 服务器
模型上下文协议 (MCP) 服务器提供与Have I Been Pwned API 的集成,以检查您的帐户或密码是否在数据泄露中受到损害。
特征
该 MCP 服务器提供四个主要工具:
- check_email :检查数据泄露中是否发现了电子邮件地址
- check_password :检查密码是否在数据泄露中被泄露(使用 k-anonymity)
- get_breach_details :获取有关特定数据泄露的详细信息
- list_all_breaches :列出系统中的所有违规行为,可选择按域进行过滤
安装
通过 Smithery 安装
要通过Smithery自动为 Claude Desktop 安装 hibp-mcp-server:
npx -y @smithery/cli install @Cyreslab-AI/hibp-mcp-server --client claude
先决条件
设置
- 克隆此存储库:
git clone https://github.com/Cyreslab-AI/hibp-mcp-server.git
cd hibp-mcp-server
- 安装依赖项:
- 构建服务器:
- 在您的 MCP 设置文件中配置服务器:对于 Claude VSCode 扩展,添加到
~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json :{
"mcpServers": {
"hibp": {
"command": "node",
"args": ["/path/to/hibp-mcp-server/build/index.js"],
"env": {
"HIBP_API_KEY": "YOUR_API_KEY_HERE"
},
"disabled": false,
"autoApprove": []
}
}
}
~/Library/Application Support/Claude/claude_desktop_config.json (macOS) 或其他平台上的类似路径。
使用示例
服务器配置完成后,您可以使用 Claude 检查数据泄露:
检查电子邮件
User: Has my email address example@gmail.com been pwned?
Claude: Good news! This email address has not been found in any known data breaches.
或者如果发现电子邮件存在违规行为:
User: Has my email address breached@example.com been pwned?
Claude: ⚠️ This email address was found in 3 data breaches.
Breach details:
1. Adobe (2013-10-04)
Domain: adobe.com
Description: In October 2013, 153 million Adobe accounts were breached...
Compromised data: Email addresses, Password hints, Passwords, Usernames
2. LinkedIn (2012-05-05)
Domain: linkedin.com
Description: In May 2016, LinkedIn had 164 million email addresses and passwords exposed...
Compromised data: Email addresses, Passwords
3. Dropbox (2012-07-01)
Domain: dropbox.com
Description: In mid-2012, Dropbox suffered a data breach which exposed...
Compromised data: Email addresses, Passwords
Recommendations:
- Change your password for these services immediately
- If you used the same password elsewhere, change those too
- Enable two-factor authentication where available
- Consider using a password manager
检查密码
User: Has the password "password123" been exposed in any breaches?
Claude: ⚠️ This password has been exposed in data breaches 123,456 times!
Recommendations:
- Stop using this password immediately
- Change it on any site where you use it
- Use a unique, strong password for each account
- Consider using a password manager
获取违规详情
User: Tell me about the LinkedIn data breach
Claude: # LinkedIn Data Breach
**Date:** 2012-05-05
**Domain:** linkedin.com
**Accounts affected:** 164,611,595
**Verified:** Yes
**Data leaked:** Email addresses, Passwords
**Description:**
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
**Recommendations:**
- If you had an account on this service, change your password
- If you used the same password elsewhere, change those too
- Monitor your accounts for suspicious activity
- Be cautious of phishing attempts that may use this leaked information
列出所有违规行为
User: List all Adobe data breaches
Claude: Found 1 breaches for domain adobe.com:
1. Adobe (2013-10-04)
Domain: adobe.com
Accounts affected: 152,445,165
Compromised data: Email addresses, Password hints, Passwords, Usernames
安全说明
- 密码检查功能使用 k-匿名来检查密码,而无需将完整密码发送到 Have I Been Pwned API
- 仅将密码 SHA-1 哈希的前 5 个字符发送到 API
- API 返回与前缀匹配的哈希后缀列表,校验在本地完成
API 密钥配置
此服务器需要 Have I Been Pwned API 密钥才能使用大部分功能(密码检查除外)。您可以在haveibeenpwned.com/API/Key获取 API 密钥。
API 密钥应作为 MCP 设置配置中名为HIBP_API_KEY的环境变量提供。
执照
麻省理工学院