← Back to Skills Marketplace

🔌

Have I Been Pwned

Name: Have I Been Pwned
Author: oomol

by OOMOL · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install oo-haveibeenpwned

Description

Have I Been Pwned (haveibeenpwned.com). Use this skill for ANY Have I Been Pwned request — searching and reading data. Whenever a task involves Have I Been P...

README (SKILL.md)

Have I Been Pwned

Operate Have I Been Pwned through your OOMOL-connected account. This skill calls the haveibeenpwned connector with the oo CLI; OOMOL injects credentials server-side, so you never handle raw tokens.

Category: Security & Identity, Data & Analytics. Exposes 7 action(s).

Running an action

Assume the user has already installed the oo CLI, signed in, and connected Have I Been Pwned. Do not run oo auth login or open the connection URL proactively — just run the action. Fall back to First-time setup only when a command actually fails with an auth or connection error.

1. Inspect the contract to get the authoritative input/output schema before building a payload:

oo connector schema "haveibeenpwned" --action "\x3Caction_name>"

2. Run the action with a JSON payload that matches the input schema:

oo connector run "haveibeenpwned" --action "\x3Caction_name>" --data '\x3Cjson>' --json

--data takes a JSON object string or @path/to/file.json; omit it to send {}.
The response is { "data": ..., "meta": { "executionId": "..." } }; the execution id lives under meta.executionId.

Each action below links to a reference file with its purpose and exact commands. Read the linked file, then fetch the live schema with oo connector schema before constructing --data.

Available actions

get_breach — Get one breach by its stable HIBP Name value.
get_latest_breach — Get the most recently added breach in Have I Been Pwned.
get_subscription_status — Get the current subscription details for the connected HIBP API key.
list_breaches — List breaches in Have I Been Pwned and optionally filter by domain or spam-list flag.
list_data_classes — List all data classes currently used by breaches in Have I Been Pwned.
list_pastes_for_account — List paste exposures for an email address from Have I Been Pwned.
search_breached_account — Search full HIBP breach models for an email address, with optional domain and unverified-breach filters.

Safety

Read actions (get / list / search) are safe to run directly.
Create, update, send, or post actions change Have I Been Pwned state — confirm the exact payload and effect with the user before running.
Delete or remove actions are destructive — always confirm the target and get explicit approval first.

First-time setup

These are one-time steps — do not repeat them on every call. Run a step only when a command fails for the matching reason.

oo: command not found — install the oo CLI (other platforms: \x3Chttps://cli.oomol.com/install-guide.md>):

curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux

irm https://cli.oomol.com/install.ps1 | iex           # Windows PowerShell

Not signed in / authentication error — sign in to your OOMOL account once:
```
oo auth login
```
scope_missing / credential_expired / app_not_ready / app_not_found — Have I Been Pwned is not connected, or the connection expired or lacks a scope. Connect once (auth type: API key) at:
```
https://console.oomol.com/app-connections?provider=haveibeenpwned
```
HTTP 402 / OOMOL_INSUFFICIENT_CREDIT — billing stop. Recharge at https://console.oomol.com/billing/token-recharge before retrying.

Resources

Have I Been Pwned homepage: https://haveibeenpwned.com/

Usage Guidance

Install only if you trust OOMOL's CLI and connector service with HIBP API access. Prefer the documented installer or a verified package over the embedded pipe-to-shell commands, and confirm before querying other people's email addresses or subscription details.

Capability Tags

requires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The stated purpose, actions, and metadata align around HIBP breach, paste, data-class, and subscription lookups; this naturally involves sensitive email addresses and an HIBP API key handled by OOMOL server-side.

ℹ Instruction Scope

Runtime instructions are mostly scoped to `oo connector schema/run haveibeenpwned`, but the trigger says to use the skill for any HIBP request and marks read/search actions safe to run directly, which could send user-provided identifiers without an explicit per-query confirmation.

⚠ Install Mechanism

First-time setup includes `curl ... | bash` and PowerShell `irm ... | iex` remote installer commands when the `oo` CLI is missing, without checksum/signature verification or an explicit approval step before executing fetched code.

⚠ Credentials

The allowed tool scope is `Bash(oo *)`, which is broader than the individual HIBP read actions and can interact with the user's OOMOL account; the artifact text constrains intended use, but the granted CLI authority is broad.

ℹ Persistence & Privilege

The artifacts show no background workers, deletion, local indexing, or hidden persistence, but setup may establish a durable OOMOL login and connected HIBP credential for later connector use.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install oo-haveibeenpwned
After installation, invoke the skill by name or use /oo-haveibeenpwned
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Adds the initial `oo-haveibeenpwned` skill for operating Have I Been Pwned through an OOMOL-connected account without handling raw API tokens locally. - Supports searching breach exposure for email accounts, including full breach models with optional domain and unverified-breach filters. - Provides breach lookup workflows for listing breaches, filtering by domain or spam-list status, retrieving a specific breach by HIBP name, and fetching the latest added breach. - Includes paste exposure lookup for email addresses and data-class discovery across Have I Been Pwned breach records. - Adds subscription status checks for the connected HIBP API key, with action references and schema-first `oo connector` usage guidance.

Metadata

Slug oo-haveibeenpwned

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Have I Been Pwned?

Have I Been Pwned (haveibeenpwned.com). Use this skill for ANY Have I Been Pwned request — searching and reading data. Whenever a task involves Have I Been P... It is an AI Agent Skill for Claude Code / OpenClaw, with 26 downloads so far.

How do I install Have I Been Pwned?

Run "/install oo-haveibeenpwned" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Have I Been Pwned free?

Yes, Have I Been Pwned is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Have I Been Pwned support?

Have I Been Pwned is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Have I Been Pwned?

It is built and maintained by OOMOL (@oomol); the current version is v1.0.0.

More Skills

Have I Been Pwned

Have I Been Pwned

Running an action

Available actions

Safety

First-time setup

Resources

What is Have I Been Pwned?

How do I install Have I Been Pwned?

Is Have I Been Pwned free?

Which platforms does Have I Been Pwned support?

Who created Have I Been Pwned?

💬 Comments