diff --git a/pkgs/tools/security/pass/extensions/checkup.nix b/pkgs/tools/security/pass/extensions/checkup.nix
new file mode 100644
index 000000000000..47b6538bb2ed
--- /dev/null
+++ b/pkgs/tools/security/pass/extensions/checkup.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub
+, curl, findutils, gnugrep, gnused }:
+
+stdenv.mkDerivation rec {
+  pname = "pass-checkup";
+  version = "0.2.0";
+
+  src = fetchFromGitHub {
+    owner = "etu";
+    repo = "pass-checkup";
+    rev = version;
+    sha256 = "17fyf8zj535fg43yddjww1jhxfb3nbdkn622wjxaai2nf46jzh7y";
+  };
+
+  patchPhase = ''
+    substituteInPlace checkup.bash \
+      --replace curl ${curl}/bin/curl \
+      --replace find ${findutils}/bin/find \
+      --replace grep ${gnugrep}/bin/grep \
+      --replace sed ${gnused}/bin/sed
+  '';
+
+  installPhase = ''
+    install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not.";
+    homepage = "https://github.com/etu/pass-checkup";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ etu ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/tools/security/pass/extensions/default.nix b/pkgs/tools/security/pass/extensions/default.nix
index 96d79a8daceb..6eb321229e00 100644
--- a/pkgs/tools/security/pass/extensions/default.nix
+++ b/pkgs/tools/security/pass/extensions/default.nix
@@ -6,6 +6,7 @@ with pkgs;
   pass-audit = callPackage ./audit.nix {
     pythonPackages = python3Packages;
   };
+  pass-checkup = callPackage ./checkup.nix {};
   pass-import = callPackage ./import.nix {
     pythonPackages = python3Packages;
   };