shieldapi.check_password
Check SHA-1 password hashes against known data breaches via Have I Been Pwned to identify compromised credentials.
Instructions
Check if a password hash (SHA-1) has been exposed in known data breaches via HIBP.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| hash | Yes | SHA-1 hash of the password (40 hex chars) |
Implementation Reference
- src/index.ts:179-186 (handler)The tool 'shieldapi.check_password' is registered dynamically within this loop, which delegates the execution to the 'callShieldApi' function using the endpoint definition.
for (const [name, def] of Object.entries(TOOLS)) { server.tool( name, def.description, { [def.param]: z.string().describe(def.paramDesc) }, { ...readOnlyAnnotations, title: TOOL_TITLES[name] || name }, async (params) => formatResult(await callShieldApi(def.endpoint, params as Record<string, string>)) ); - src/index.ts:101-116 (handler)This is the actual handler logic that performs the network request to the ShieldAPI endpoint.
async function callShieldApi(endpoint: string, params: Record<string, string>): Promise<unknown> { const url = new URL(`${SHIELDAPI_URL}/api/${endpoint}`); for (const [key, value] of Object.entries(params)) { url.searchParams.set(key, value); } if (demoMode) { url.searchParams.set('demo', 'true'); } const response = await paymentFetch(url.toString()); if (!response.ok) { const body = await response.text(); throw new Error(`ShieldAPI ${endpoint} failed (${response.status}): ${body.substring(0, 200)}`); } return response.json(); } - src/index.ts:38-43 (schema)Definition of the 'shieldapi.check_password' tool parameters and endpoint.
'shieldapi.check_password': { description: 'Check if a password hash (SHA-1) has been exposed in known data breaches via HIBP.', param: 'hash', paramDesc: 'SHA-1 hash of the password (40 hex chars)', endpoint: 'check-password', },