diff --git a/.env.example b/.env.example
index e930e1a..6332e55 100644
--- a/.env.example
+++ b/.env.example
@@ -6,6 +6,8 @@ NUMVERIFY_API_KEY=
 
 LEAK_LOOKUP_API_KEY=
 
+HIBP_API_KEY=
+
 IPINFO_API_KEY=
 
 VIRUSTOTAL_API_KEY=
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dd87df3..2ce713b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 
 ---
 
+## [Unreleased]
+
+### Added
+- **Standard module status enum** (`ok` / `skipped` / `rate_limited` / `error`) in `modules/module_status.py`, with `classify()`, `reason_for()`, and `annotate()` helpers (#61).
+- **Graceful degradation for key-dependent modules** — Shodan, VirusTotal, AbuseIPDB, Censys, Leak-Lookup/HIBP, and Telegram now report `skipped` when an API key is absent and `rate_limited` on HTTP 429, instead of failing with a hard error (#61).
+- **Per-module status badges in the dashboard** — live progress chips and result cards now render the module status (skipped/rate-limited shown with their reason), and the scan engine propagates the status over WebSocket (#61).
+- **`HIBP_API_KEY` config option** — the HIBP breach lookup now reads a real key from the environment and skips up-front when it is absent, instead of always hitting an unauthenticated 401 (#61).
+
+### Changed
+- The scan engine (`web/app.py`) derives each module's status from its result, persists it for the results view, and only caches genuinely successful (`ok`) results so a missing key is not frozen in cache once configured (#61).
+
+---
+
 ## [2.3.0] — 2026-06-03
 
 ### Added
diff --git a/config.py b/config.py
index 6850408..f40cd1d 100644
--- a/config.py
+++ b/config.py
@@ -5,6 +5,7 @@
 
 NUMVERIFY_API_KEY = os.getenv("NUMVERIFY_API_KEY", "")
 LEAK_LOOKUP_API_KEY = os.getenv("LEAK_LOOKUP_API_KEY", "")
+HIBP_API_KEY = os.getenv("HIBP_API_KEY", "")
 IPINFO_API_KEY = os.getenv("IPINFO_API_KEY", "")
 
 VIRUSTOTAL_API_KEY = os.getenv("VIRUSTOTAL_API_KEY", "")
diff --git a/frontend/src/components/App.tsx b/frontend/src/components/App.tsx
index 965c83a..9989c95 100644
--- a/frontend/src/components/App.tsx
+++ b/frontend/src/components/App.tsx
@@ -9,10 +9,28 @@ import { ResultsSkeleton } from './ResultsSkeleton';
 import { ToolPanels } from './tools/ToolPanels';
 import { ScanComparison } from './views/ScanComparison';
 import { startScan, getWsUrl, getScan } from '@/lib/api';
-import type { ScanType, ScanStatus, ToolMode, ScanResults as ScanResultsType, ScanMeta } from '@/lib/types';
+import type { ScanType, ScanStatus, ToolMode, ScanResults as ScanResultsType, ScanMeta, LiveModuleStatus } from '@/lib/types';
 
 type View = 'idle' | 'tool' | 'scanning' | 'results' | 'compare';
 
+const LIVE_STATUSES: readonly LiveModuleStatus[] = ['ok', 'skipped', 'rate_limited', 'error', 'running'];
+
+function toLiveStatus(status: unknown): LiveModuleStatus {
+  return typeof status === 'string' && (LIVE_STATUSES as readonly string[]).includes(status)
+    ? (status as LiveModuleStatus)
+    : 'ok';
+}
+
+function moduleDoneLine(msg: { module: string; status?: string; reason?: string; error?: string }): string {
+  const detail = msg.reason || msg.error;
+  switch (msg.status) {
+    case 'skipped': return `⊘ ${msg.module}: skipped${detail ? ` — ${detail}` : ''}`;
+    case 'rate_limited': return `⏳ ${msg.module}: rate limited${detail ? ` — ${detail}` : ''}`;
+    case 'error': return `✗ ${msg.module}: ${detail || 'error'}`;
+    default: return `✓ ${msg.module}`;
+  }
+}
+
 export function App() {
   const [view, setView] = useState<View>('idle');
   const [sidebarOpen, setSidebarOpen] = useState(false);
@@ -22,7 +40,7 @@ export function App() {
   const [scanMeta, setScanMeta] = useState<(ScanMeta & { results: ScanResultsType }) | null>(null);
   const [progressLog, setProgressLog] = useState<string[]>([]);
   const [scanTarget, setScanTarget] = useState('');
-  const [moduleStatuses, setModuleStatuses] = useState<Record<string, 'running' | 'ok' | 'error'>>({});
+  const [moduleStatuses, setModuleStatuses] = useState<Record<string, LiveModuleStatus>>({});
   const [totalModules, setTotalModules] = useState(0);
   const [compareIds, setCompareIds] = useState<[string, string] | null>(null);
   const wsRef = useRef<WebSocket | null>(null);
@@ -89,10 +107,7 @@ export function App() {
             const lines = [...prev];
             for (const msg of newMsgs) {
               if (msg.type === 'module_start') lines.push(`→ ${msg.module}`);
-              else if (msg.type === 'module_done') {
-                if (msg.status === 'error') lines.push(`✗ ${msg.module}: ${msg.error || 'error'}`);
-                else lines.push(`✓ ${msg.module}`);
-              }
+              else if (msg.type === 'module_done') lines.push(moduleDoneLine(msg));
             }
             return lines;
           });
@@ -100,7 +115,7 @@ export function App() {
             const next = { ...prev };
             for (const msg of newMsgs) {
               if (msg.type === 'module_start') next[msg.module] = 'running';
-              else if (msg.type === 'module_done') next[msg.module] = msg.status === 'error' ? 'error' : 'ok';
+              else if (msg.type === 'module_done') next[msg.module] = toLiveStatus(msg.status);
             }
             return next;
           });
@@ -145,12 +160,8 @@ export function App() {
           setModuleStatuses(prev => ({ ...prev, [msg.module]: 'running' }));
 
         } else if (msg.type === 'module_done') {
-          setModuleStatuses(prev => ({ ...prev, [msg.module]: msg.status === 'error' ? 'error' : 'ok' }));
-          if (msg.status === 'error') {
-            setProgressLog(prev => [...prev, `✗ ${msg.module}: ${msg.error || 'error'}`]);
-          } else {
-            setProgressLog(prev => [...prev, `✓ ${msg.module}`]);
-          }
+          setModuleStatuses(prev => ({ ...prev, [msg.module]: toLiveStatus(msg.status) }));
+          setProgressLog(prev => [...prev, moduleDoneLine(msg)]);
 
         } else if (msg.type === '_done') {
           done = true;
diff --git a/frontend/src/components/views/ScanProgress.tsx b/frontend/src/components/views/ScanProgress.tsx
index 5ce1d2f..184f071 100644
--- a/frontend/src/components/views/ScanProgress.tsx
+++ b/frontend/src/components/views/ScanProgress.tsx
@@ -1,18 +1,27 @@
 'use client';
-import { Terminal, Check, X, Loader2, Circle } from 'lucide-react';
+import { Terminal, Check, X, Loader2, Circle, Ban, Hourglass } from 'lucide-react';
 import { useTranslations } from '@/lib/i18n';
+import type { LiveModuleStatus } from '@/lib/types';
 
 interface Props {
   log: string[];
   target: string;
-  moduleStatuses?: Record<string, 'running' | 'ok' | 'error'>;
+  moduleStatuses?: Record<string, LiveModuleStatus>;
   totalModules?: number;
 }
 
+const STATUS_STYLE: Record<LiveModuleStatus, { cls: string; Icon: typeof Check; spin?: boolean }> = {
+  ok: { cls: 'text-green border-green/30 bg-green/5', Icon: Check },
+  error: { cls: 'text-red border-red/30 bg-red/5', Icon: X },
+  skipped: { cls: 'text-text-3 border-border-1 bg-surface-2', Icon: Ban },
+  rate_limited: { cls: 'text-yellow border-yellow/30 bg-yellow/5', Icon: Hourglass },
+  running: { cls: 'text-blue border-blue/30 bg-blue/5', Icon: Loader2, spin: true },
+};
+
 export function ScanProgress({ log, target, moduleStatuses = {}, totalModules = 0 }: Props) {
   const { t } = useTranslations();
-  const entries = Object.entries(moduleStatuses);
-  const completed = entries.filter(([, s]) => s === 'ok' || s === 'error').length;
+  const entries = Object.entries(moduleStatuses) as [string, LiveModuleStatus][];
+  const completed = entries.filter(([, s]) => s !== 'running').length;
   const cap = Math.max(totalModules, entries.length);
   const percent = cap > 0 ? Math.min(100, Math.round((completed / cap) * 100)) : 0;
 
@@ -40,13 +49,12 @@ export function ScanProgress({ log, target, moduleStatuses = {}, totalModules =
           {entries.length > 0 && (
             <div className="flex flex-wrap gap-1.5 mt-3">
               {entries.map(([mod, status]) => {
-                const cls = status === 'ok' ? 'text-green border-green/30 bg-green/5'
-                  : status === 'error' ? 'text-red border-red/30 bg-red/5'
-                  : 'text-blue border-blue/30 bg-blue/5';
-                const Icon = status === 'ok' ? Check : status === 'error' ? X : status === 'running' ? Loader2 : Circle;
+                const style = STATUS_STYLE[status] ?? { cls: 'text-blue border-blue/30 bg-blue/5', Icon: Circle };
+                const Icon = style.Icon;
+                const label = status === 'rate_limited' ? `${mod} (rate limited)` : status === 'skipped' ? `${mod} (skipped)` : mod;
                 return (
-                  <span key={mod} className={`inline-flex items-center gap-1 text-[10px] font-mono px-1.5 py-0.5 rounded border ${cls}`}>
-                    <Icon size={10} className={status === 'running' ? 'spin' : ''} />
+                  <span key={mod} title={label} className={`inline-flex items-center gap-1 text-[10px] font-mono px-1.5 py-0.5 rounded border ${style.cls}`}>
+                    <Icon size={10} className={style.spin ? 'spin' : ''} />
                     {mod}
                   </span>
                 );
diff --git a/frontend/src/components/views/ScanResults.tsx b/frontend/src/components/views/ScanResults.tsx
index efed08d..6f0eb0a 100644
--- a/frontend/src/components/views/ScanResults.tsx
+++ b/frontend/src/components/views/ScanResults.tsx
@@ -1,7 +1,7 @@
 'use client';
 import { useState, useEffect, useRef } from 'react';
 import { ExternalLink, Printer, Download, Shield, AlertTriangle, Globe, Server, Lock, User, Clock, Zap, Phone, MessageCircle, Map, GitBranch, Code, Brain, ChevronDown, ChevronUp, SendHorizontal, Mail, Copy, Eye, ShieldAlert, ArrowUp, FileSpreadsheet, FileText, Search } from 'lucide-react';
-import type { ScanResults, ScanMeta, OpsecFinding } from '@/lib/types';
+import type { ScanResults, ScanMeta, OpsecFinding, ModuleStatus, ModuleStatusFields } from '@/lib/types';
 import { fetchReportBlob, generateAiSummary, sendAiChat, getMapData, getGraphData } from '@/lib/api';
 import { useTranslations } from '@/lib/i18n';
 
@@ -224,15 +224,76 @@ function DtRow({ label, value }: { label: string; value?: string | number | null
   );
 }
 
-function Card({ title, children }: { title?: string; children: React.ReactNode }) {
+function Card({ title, extra, children }: { title?: string; extra?: React.ReactNode; children: React.ReactNode }) {
   return (
     <div className="card mb-3">
-      {title && <div className="card-head">{title}</div>}
+      {title && (
+        <div className="card-head flex items-center justify-between gap-2">
+          <span>{title}</span>
+          {extra}
+        </div>
+      )}
       <div className="p-4">{children}</div>
     </div>
   );
 }
 
+function modStatus(m?: (ModuleStatusFields & { error?: string | null }) | null): ModuleStatus {
+  if (!m) return 'ok';
+  if (m.status === 'skipped' || m.status === 'rate_limited' || m.status === 'error') return m.status;
+  if (m.error) return 'error';
+  return 'ok';
+}
+
+const STATUS_BADGE: Record<Exclude<ModuleStatus, 'ok'>, { label: string; color: string; hint: string }> = {
+  skipped: { label: 'SKIPPED', color: '#8b949e', hint: 'No API key configured' },
+  rate_limited: { label: 'RATE LIMITED', color: '#d29922', hint: 'Provider rate limit reached' },
+  error: { label: 'ERROR', color: '#f85149', hint: 'Module failed' },
+};
+
+function ModuleStatusBadge({ status, label }: { status: ModuleStatus; label?: string }) {
+  if (status === 'ok') return null;
+  const b = STATUS_BADGE[status];
+  return (
+    <span
+      className="text-[9px] font-bold uppercase tracking-wider px-1.5 py-0.5 rounded border"
+      style={{ color: b.color, borderColor: `${b.color}55`, background: `${b.color}11` }}
+    >
+      {label ?? b.label}
+    </span>
+  );
+}
+
+function ModuleNotice({ status, reason }: { status: 'skipped' | 'rate_limited'; reason?: string }) {
+  const b = STATUS_BADGE[status];
+  return (
+    <div className="text-[12px]" style={{ color: status === 'rate_limited' ? b.color : undefined }}>
+      <span className="text-text-2">{reason || b.hint}</span>
+      {status === 'skipped' && (
+        <span className="text-text-3"> — add the key to <code className="font-mono">.env</code> to enable this module.</span>
+      )}
+    </div>
+  );
+}
+
+function KeyModuleCard({ title, mod, children }: {
+  title: string;
+  mod?: (ModuleStatusFields & { error?: string | null }) | null;
+  children: React.ReactNode;
+}) {
+  if (!mod) return null;
+  const st = modStatus(mod);
+  if (st === 'ok') return <Card title={title}>{children}</Card>;
+  if (st === 'skipped' || st === 'rate_limited') {
+    return (
+      <Card title={title} extra={<ModuleStatusBadge status={st} />}>
+        <ModuleNotice status={st} reason={mod.status_reason} />
+      </Card>
+    );
+  }
+  return null;
+}
+
 function CopyIconButton({ onClick, label }: { onClick: () => void; label: string }) {
   return (
     <button
@@ -559,8 +620,8 @@ export function ScanResults({ scan }: Props) {
     if (t.id === 'dns') return r.dns?.records && Object.keys(r.dns.records).length > 0;
     if (t.id === 'subdomains') return r.cert_transparency?.subdomains?.length;
     if (t.id === 'accounts') return r.blackbird?.some(b => b.status === 'found');
-    if (t.id === 'threats') return r.virustotal || r.abuseipdb || r.shodan;
-    if (t.id === 'censys') return r.censys && !r.censys.error;
+    if (t.id === 'threats') return [r.virustotal, r.abuseipdb, r.shodan].some(m => m && modStatus(m) !== 'error');
+    if (t.id === 'censys') return r.censys && modStatus(r.censys) !== 'error';
     if (t.id === 'darkweb') return r.onion && !r.onion.error && (r.onion.total_found ?? 0) > 0;
     if (t.id === 'wayback') return r.wayback;
     if (t.id === 'email') return r.emailrep || r.smtp || r.breaches;
@@ -799,68 +860,62 @@ export function ScanResults({ scan }: Props) {
 
         {tab === 'threats' && (
           <div>
-            {r.virustotal && !r.virustotal.error && (
-              <Card title="VirusTotal">
-                <div className="grid grid-cols-2 sm:flex sm:gap-6 mb-4 gap-3">
-                  {[['Malicious', r.virustotal.malicious, '#f85149'], ['Suspicious', r.virustotal.suspicious, '#d29922'], ['Harmless', r.virustotal.harmless, '#3fb950'], ['Undetected', r.virustotal.undetected, '#484f58']].map(([l, v, c]) => (
-                    <div key={String(l)} className="text-center">
-                      <div className="text-2xl font-black" style={{ color: String(c) }}>{v}</div>
-                      <div className="text-[10px] text-text-3">{l}</div>
-                    </div>
-                  ))}
-                </div>
-                <div className="space-y-1.5">
-                  <DtRow label="Country" value={r.virustotal.country} />
-                  <DtRow label="ASN" value={r.virustotal.as_owner} />
+            <KeyModuleCard title="VirusTotal" mod={r.virustotal}>
+              <div className="grid grid-cols-2 sm:flex sm:gap-6 mb-4 gap-3">
+                {[['Malicious', r.virustotal?.malicious, '#f85149'], ['Suspicious', r.virustotal?.suspicious, '#d29922'], ['Harmless', r.virustotal?.harmless, '#3fb950'], ['Undetected', r.virustotal?.undetected, '#484f58']].map(([l, v, c]) => (
+                  <div key={String(l)} className="text-center">
+                    <div className="text-2xl font-black" style={{ color: String(c) }}>{v}</div>
+                    <div className="text-[10px] text-text-3">{l}</div>
+                  </div>
+                ))}
+              </div>
+              <div className="space-y-1.5">
+                <DtRow label="Country" value={r.virustotal?.country} />
+                <DtRow label="ASN" value={r.virustotal?.as_owner} />
+              </div>
+            </KeyModuleCard>
+            <KeyModuleCard title="AbuseIPDB" mod={r.abuseipdb}>
+              <div className="space-y-1.5">
+                <div className="dt-row"><span className="dt-label">Abuse Score</span>
+                  <span className="font-black" style={{ color: (r.abuseipdb?.abuse_score ?? 0) >= 50 ? '#f85149' : (r.abuseipdb?.abuse_score ?? 0) >= 10 ? '#d29922' : '#3fb950' }}>
+                    {r.abuseipdb?.abuse_score}/100
+                  </span>
                 </div>
-              </Card>
-            )}
-            {r.abuseipdb && !r.abuseipdb.error && (
-              <Card title="AbuseIPDB">
-                <div className="space-y-1.5">
-                  <div className="dt-row"><span className="dt-label">Abuse Score</span>
-                    <span className="font-black" style={{ color: (r.abuseipdb.abuse_score ?? 0) >= 50 ? '#f85149' : (r.abuseipdb.abuse_score ?? 0) >= 10 ? '#d29922' : '#3fb950' }}>
-                      {r.abuseipdb.abuse_score}/100
+                <DtRow label="Total Reports" value={r.abuseipdb?.total_reports} />
+                <DtRow label="ISP" value={r.abuseipdb?.isp} />
+                <DtRow label="Usage Type" value={r.abuseipdb?.usage_type} />
+                {r.abuseipdb?.is_tor && <div className="text-red text-[12px] font-semibold mt-1">⚠ TOR Exit Node</div>}
+              </div>
+            </KeyModuleCard>
+            <KeyModuleCard title="Shodan" mod={r.shodan}>
+              {r.shodan?.open_ports?.length ? (
+                <div className="mb-3">
+                  <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2">Open Ports</div>
+                  {r.shodan.open_ports.map(p => (
+                    <span key={p} className="inline-flex items-center gap-1 mr-1">
+                      <span className={`tag ${[21,22,23,3389,5900,445,3306,5432,27017,6379].includes(p) ? 'tag-red' : ''}`}>{p}</span>
+                      <CopyIconButton onClick={() => copyValue(p)} label="Copy Shodan port" />
                     </span>
-                  </div>
-                  <DtRow label="Total Reports" value={r.abuseipdb.total_reports} />
-                  <DtRow label="ISP" value={r.abuseipdb.isp} />
-                  <DtRow label="Usage Type" value={r.abuseipdb.usage_type} />
-                  {r.abuseipdb.is_tor && <div className="text-red text-[12px] font-semibold mt-1">⚠ TOR Exit Node</div>}
+                  ))}
                 </div>
-              </Card>
-            )}
-            {r.shodan && !r.shodan.error && (
-              <Card title="Shodan">
-                {r.shodan.open_ports?.length && (
-                  <div className="mb-3">
-                    <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2">Open Ports</div>
-                    {r.shodan.open_ports.map(p => (
-                      <span key={p} className="inline-flex items-center gap-1 mr-1">
-                        <span className={`tag ${[21,22,23,3389,5900,445,3306,5432,27017,6379].includes(p) ? 'tag-red' : ''}`}>{p}</span>
-                        <CopyIconButton onClick={() => copyValue(p)} label="Copy Shodan port" />
-                      </span>
-                    ))}
-                  </div>
-                )}
-                {r.shodan.vulns?.length && (
-                  <div className="mb-3">
-                    <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2 text-red">CVEs Found</div>
-                    {r.shodan.vulns.map(v => <span key={v} className="tag tag-red">{v}</span>)}
-                  </div>
-                )}
-              </Card>
-            )}
+              ) : null}
+              {r.shodan?.vulns?.length ? (
+                <div className="mb-3">
+                  <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2 text-red">CVEs Found</div>
+                  {r.shodan.vulns.map(v => <span key={v} className="tag tag-red">{v}</span>)}
+                </div>
+              ) : null}
+            </KeyModuleCard>
           </div>
         )}
 
-        {tab === 'censys' && r.censys && !r.censys.error && (
-          <Card title={`Censys — ${r.censys.domain ? 'Certificate Search' : 'Host Info'}`}>
+        {tab === 'censys' && (
+          <KeyModuleCard title={`Censys — ${r.censys?.domain ? 'Certificate Search' : 'Host Info'}`} mod={r.censys}>
             <div className="space-y-1.5">
-              {r.censys.ip && <div className="dt-row"><span className="dt-label">IP</span><span className="dt-value">{r.censys.ip}</span></div>}
-              {r.censys.asn && <div className="dt-row"><span className="dt-label">ASN</span><span className="dt-value">AS{r.censys.asn} {r.censys.as_name ?? ''}</span></div>}
-              {r.censys.country && <div className="dt-row"><span className="dt-label">Location</span><span className="dt-value">{[r.censys.city, r.censys.country].filter(Boolean).join(', ')}</span></div>}
-              {r.censys.open_ports && r.censys.open_ports.length > 0 && (
+              {r.censys?.ip && <div className="dt-row"><span className="dt-label">IP</span><span className="dt-value">{r.censys.ip}</span></div>}
+              {r.censys?.asn && <div className="dt-row"><span className="dt-label">ASN</span><span className="dt-value">AS{r.censys.asn} {r.censys.as_name ?? ''}</span></div>}
+              {r.censys?.country && <div className="dt-row"><span className="dt-label">Location</span><span className="dt-value">{[r.censys.city, r.censys.country].filter(Boolean).join(', ')}</span></div>}
+              {r.censys?.open_ports && r.censys.open_ports.length > 0 && (
                 <div className="dt-row"><span className="dt-label">Open Ports</span>
                   <div className="flex flex-wrap gap-1">
                     {r.censys.open_ports.map(p => (
@@ -872,7 +927,7 @@ export function ScanResults({ scan }: Props) {
                   </div>
                 </div>
               )}
-              {r.censys.subdomains && r.censys.subdomains.length > 0 && (
+              {r.censys?.subdomains && r.censys.subdomains.length > 0 && (
                 <div className="dt-row"><span className="dt-label">Subdomains ({r.censys.subdomains.length})</span>
                   <div className="flex flex-wrap gap-1">
                     {r.censys.subdomains.map(s => (
@@ -884,7 +939,7 @@ export function ScanResults({ scan }: Props) {
                   </div>
                 </div>
               )}
-              {r.censys.services && r.censys.services.length > 0 && (
+              {r.censys?.services && r.censys.services.length > 0 && (
                 <div className="mt-3">
                   <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2">Services</div>
                   <table className="w-full text-[12px]">
@@ -902,7 +957,7 @@ export function ScanResults({ scan }: Props) {
                 </div>
               )}
             </div>
-          </Card>
+          </KeyModuleCard>
         )}
 
         {tab === 'darkweb' && r.onion && (
@@ -1030,28 +1085,26 @@ export function ScanResults({ scan }: Props) {
                 </div>
               </Card>
             )}
-            {r.breaches && !r.breaches.error && (
-              <Card title="Breach Check">
-                <div className="space-y-1.5">
-                  {r.breaches.found !== undefined && (
-                    <div className="dt-row"><span className="dt-label">Breaches Found</span>
-                      <span className={r.breaches.found ? 'text-red font-bold' : 'text-green'}>{r.breaches.found ? 'Yes' : 'No'}</span>
-                    </div>
-                  )}
-                  {(r.breaches.breaches?.length ?? 0) > 0 && (
-                    <div className="mt-2">
-                      <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2">Breached Services</div>
-                      <div className="flex flex-wrap gap-1">
-                        {r.breaches.breaches?.map((b: any, i: number) => (
-                          <span key={i} className="tag tag-red">{typeof b === 'string' ? b : b.name || b.title || JSON.stringify(b)}</span>
-                        ))}
-                      </div>
+            <KeyModuleCard title="Breach Check" mod={r.breaches}>
+              <div className="space-y-1.5">
+                {r.breaches?.found !== undefined && (
+                  <div className="dt-row"><span className="dt-label">Breaches Found</span>
+                    <span className={r.breaches?.found ? 'text-red font-bold' : 'text-green'}>{r.breaches?.found ? 'Yes' : 'No'}</span>
+                  </div>
+                )}
+                {(r.breaches?.breaches?.length ?? 0) > 0 && (
+                  <div className="mt-2">
+                    <div className="text-[10px] text-text-3 uppercase tracking-wider mb-2">Breached Services</div>
+                    <div className="flex flex-wrap gap-1">
+                      {r.breaches?.breaches?.map((b: any, i: number) => (
+                        <span key={i} className="tag tag-red">{typeof b === 'string' ? b : b.name || b.title || JSON.stringify(b)}</span>
+                      ))}
                     </div>
-                  )}
-                  {r.breaches.total !== undefined && <DtRow label="Total Breaches" value={r.breaches.total} />}
-                </div>
-              </Card>
-            )}
+                  </div>
+                )}
+                {r.breaches?.total !== undefined && <DtRow label="Total Breaches" value={r.breaches.total} />}
+              </div>
+            </KeyModuleCard>
           </div>
         )}
 
diff --git a/frontend/src/lib/types.ts b/frontend/src/lib/types.ts
index 7b5928d..011083a 100644
--- a/frontend/src/lib/types.ts
+++ b/frontend/src/lib/types.ts
@@ -2,6 +2,17 @@ export type ScanType = 'domain' | 'ip' | 'email' | 'phone' | 'username';
 export type ScanStatus = 'idle' | 'running' | 'completed' | 'failed';
 export type ToolMode = 'metadata' | 'headers' | 'crypto' | 'qr' | 'mac' | null;
 
+/** Standard per-module result status (mirrors modules/module_status.py). */
+export type ModuleStatus = 'ok' | 'skipped' | 'rate_limited' | 'error';
+/** Live status shown on the progress badges while a scan runs. */
+export type LiveModuleStatus = ModuleStatus | 'running';
+
+/** Status fields attached by key-dependent modules. */
+export interface ModuleStatusFields {
+  status?: ModuleStatus;
+  status_reason?: string;
+}
+
 export interface ScanMeta {
   id: string;
   target: string;
@@ -73,7 +84,7 @@ export interface BlackbirdResult {
   response_time?: number;
 }
 
-export interface VirusTotalData {
+export interface VirusTotalData extends ModuleStatusFields {
   malicious?: number;
   suspicious?: number;
   harmless?: number;
@@ -83,7 +94,7 @@ export interface VirusTotalData {
   error?: string;
 }
 
-export interface AbuseIPDBData {
+export interface AbuseIPDBData extends ModuleStatusFields {
   abuse_score?: number;
   total_reports?: number;
   isp?: string;
@@ -92,7 +103,7 @@ export interface AbuseIPDBData {
   error?: string;
 }
 
-export interface ShodanData {
+export interface ShodanData extends ModuleStatusFields {
   open_ports?: number[];
   vulns?: string[];
   services?: { port: number; transport: string; product?: string; version?: string }[];
@@ -120,7 +131,7 @@ export interface PhoneData {
   error?: string;
 }
 
-export interface TelegramData {
+export interface TelegramData extends ModuleStatusFields {
   username?: string;
   found?: boolean;
   name?: string;
@@ -158,7 +169,7 @@ export interface SmtpData {
   error?: string;
 }
 
-export interface BreachData {
+export interface BreachData extends ModuleStatusFields {
   found?: boolean;
   total?: number;
   breaches?: (string | { name?: string; title?: string })[];
@@ -190,7 +201,7 @@ export interface ScanResults {
   graph?: unknown;
 }
 
-export interface CensysData {
+export interface CensysData extends ModuleStatusFields {
   error?: string | null;
   ip?: string;
   domain?: string;
diff --git a/modules/censys_lookup.py b/modules/censys_lookup.py
index 0876fa3..6d4caec 100644
--- a/modules/censys_lookup.py
+++ b/modules/censys_lookup.py
@@ -5,6 +5,8 @@
 
 import requests
 
+from modules.module_status import annotate, OK, SKIPPED, RATE_LIMITED, ERROR
+
 CENSYS_API_ID = os.getenv("CENSYS_API_ID", "")
 CENSYS_API_SECRET = os.getenv("CENSYS_API_SECRET", "")
 CENSYS_BASE = "https://search.censys.io/api"
@@ -23,11 +25,11 @@ def _auth(self) -> tuple[str, str] | None:
         return (self.api_id, self.api_secret)
 
     def _err_no_key(self) -> Dict[str, Any]:
-        return {
-            "error": "CENSYS_API_ID and CENSYS_API_SECRET not set in .env",
-            "results": [],
-            "total": 0,
-        }
+        return annotate(
+            {"results": [], "total": 0},
+            SKIPPED,
+            "No API key configured (CENSYS_API_ID / CENSYS_API_SECRET)",
+        )
 
     def search_ip(self, ip: str) -> Dict[str, Any]:
         auth = self._auth()
@@ -41,15 +43,18 @@ def search_ip(self, ip: str) -> Dict[str, Any]:
                 headers={"User-Agent": "PRISM-OSINT/2.1"},
             )
             if r.status_code == 401:
-                return {"error": "Invalid Censys credentials", "results": [], "total": 0}
+                return annotate({"results": [], "total": 0}, ERROR, "Invalid Censys credentials")
+            if r.status_code == 429:
+                return annotate({"results": [], "total": 0}, RATE_LIMITED, "Censys API rate limit reached")
             if r.status_code == 404:
-                return {"error": None, "results": [], "total": 0, "ip": ip}
+                return annotate({"results": [], "total": 0, "ip": ip}, OK)
             if r.status_code != 200:
-                return {"error": f"Censys HTTP {r.status_code}", "results": [], "total": 0}
+                return annotate({"results": [], "total": 0}, ERROR, f"Censys HTTP {r.status_code}")
             data = r.json().get("result", {})
             services = data.get("services") or []
             return {
                 "error": None,
+                "status": OK,
                 "ip": ip,
                 "asn": (data.get("autonomous_system") or {}).get("asn"),
                 "as_name": (data.get("autonomous_system") or {}).get("name"),
@@ -69,7 +74,7 @@ def search_ip(self, ip: str) -> Dict[str, Any]:
                 "total": len(services),
             }
         except Exception as e:
-            return {"error": str(e)[:200], "results": [], "total": 0}
+            return annotate({"results": [], "total": 0}, ERROR, str(e)[:200])
 
     def search_domain(self, domain: str) -> Dict[str, Any]:
         auth = self._auth()
@@ -87,12 +92,14 @@ def search_domain(self, domain: str) -> Dict[str, Any]:
                 },
             )
             if r.status_code == 401:
-                return {"error": "Invalid Censys credentials", "results": [], "total": 0}
+                return annotate({"results": [], "total": 0}, ERROR, "Invalid Censys credentials")
+            if r.status_code == 429:
+                return annotate({"results": [], "total": 0}, RATE_LIMITED, "Censys API rate limit reached")
             if r.status_code == 404:
-                                                                 
-                return {"error": None, "results": [], "total": 0, "domain": domain}
+
+                return annotate({"results": [], "total": 0, "domain": domain}, OK)
             if r.status_code != 200:
-                return {"error": f"Censys HTTP {r.status_code}", "results": [], "total": 0}
+                return annotate({"results": [], "total": 0}, ERROR, f"Censys HTTP {r.status_code}")
 
             data = r.json().get("result", {})
             hits = data.get("hits") or []
@@ -111,10 +118,11 @@ def search_domain(self, domain: str) -> Dict[str, Any]:
                 })
             return {
                 "error": None,
+                "status": OK,
                 "domain": domain,
                 "subdomains": sorted(subdomains),
                 "certificates": certs[:25],
                 "total": data.get("total", len(hits)),
             }
         except Exception as e:
-            return {"error": str(e)[:200], "results": [], "total": 0}
+            return annotate({"results": [], "total": 0}, ERROR, str(e)[:200])
diff --git a/modules/leak_lookup.py b/modules/leak_lookup.py
index 5abc03a..a4ee4b2 100644
--- a/modules/leak_lookup.py
+++ b/modules/leak_lookup.py
@@ -3,7 +3,8 @@
 from typing import Dict, Any, List, Optional
 import sys
 sys.path.append('..')
-from config import LEAK_LOOKUP_API_KEY, Colors
+from config import LEAK_LOOKUP_API_KEY, HIBP_API_KEY, Colors
+from modules.module_status import annotate, classify, print_status_notice, OK, SKIPPED, RATE_LIMITED, ERROR
 
 
 class LeakLookup:
@@ -13,6 +14,7 @@ class LeakLookup:
 
     def __init__(self):
         self.leak_lookup_key = LEAK_LOOKUP_API_KEY
+        self.hibp_key = HIBP_API_KEY
 
     def check_email_hibp(self, email: str) -> Dict[str, Any]:
         result = {
@@ -23,9 +25,12 @@ def check_email_hibp(self, email: str) -> Dict[str, Any]:
             "error": None
         }
 
+        if not self.hibp_key:
+            return annotate(result, SKIPPED, "No API key configured (HIBP_API_KEY)")
+
         headers = {
             "User-Agent": "OSINT-Tool",
-            "hibp-api-key": ""
+            "hibp-api-key": self.hibp_key,
         }
 
         try:
@@ -40,6 +45,7 @@ def check_email_hibp(self, email: str) -> Dict[str, Any]:
                 breaches = response.json()
                 result["breached"] = True
                 result["total_breaches"] = len(breaches)
+                result["status"] = OK
 
                 for breach in breaches:
                     result["breaches"].append({
@@ -56,8 +62,11 @@ def check_email_hibp(self, email: str) -> Dict[str, Any]:
 
             elif response.status_code == 404:
                 result["breached"] = False
+                result["status"] = OK
             elif response.status_code == 401:
-                result["error"] = "HIBP API key required for breach lookup"
+                annotate(result, SKIPPED, "Invalid HIBP API key")
+            elif response.status_code == 429:
+                annotate(result, RATE_LIMITED, "HIBP API rate limit reached")
             else:
                 result["error"] = f"HIBP returned status {response.status_code}"
 
@@ -109,8 +118,7 @@ def check_leak_lookup(self, query: str, query_type: str = "email_address") -> Di
         }
 
         if not self.leak_lookup_key:
-            result["error"] = "Leak-Lookup API key not configured"
-            return result
+            return annotate(result, SKIPPED, "No API key configured (LEAK_LOOKUP_API_KEY)")
 
         try:
             response = requests.post(
@@ -127,6 +135,7 @@ def check_leak_lookup(self, query: str, query_type: str = "email_address") -> Di
                 data = response.json()
                 if data.get("error") == "false" and data.get("message"):
                     result["found"] = True
+                    result["status"] = OK
                     if isinstance(data["message"], dict):
                         for source, entries in data["message"].items():
                             result["leaks"].append({
@@ -135,8 +144,11 @@ def check_leak_lookup(self, query: str, query_type: str = "email_address") -> Di
                             })
                 elif data.get("message") == "Not found":
                     result["found"] = False
+                    result["status"] = OK
                 else:
                     result["error"] = data.get("message", "Unknown response")
+            elif response.status_code == 429:
+                annotate(result, RATE_LIMITED, "Leak-Lookup API rate limit reached")
             else:
                 result["error"] = f"API returned status {response.status_code}"
 
@@ -163,13 +175,41 @@ def check_email_full(self, email: str) -> Dict[str, Any]:
             result["is_compromised"] = True
             result["total_breaches"] += len(result["leak_lookup"]["leaks"])
 
+        # A working source wins; otherwise surface rate-limited/skipped state.
+        sub_statuses = [classify(result["hibp"])]
+        if result["leak_lookup"] is not None:
+            sub_statuses.append(classify(result["leak_lookup"]))
+        else:
+            sub_statuses.append(SKIPPED)
+
+        for level in (OK, RATE_LIMITED, SKIPPED, ERROR):
+            if level in sub_statuses:
+                reason = None
+                if level != OK:
+                    reason = self._aggregate_reason(level, result)
+                annotate(result, level, reason)
+                break
+
         return result
 
+    @staticmethod
+    def _aggregate_reason(level: str, result: Dict[str, Any]) -> Optional[str]:
+        from modules.module_status import reason_for
+        for sub in (result.get("hibp"), result.get("leak_lookup")):
+            if isinstance(sub, dict) and classify(sub) == level:
+                return reason_for(sub)
+        if level == SKIPPED:
+            return "No breach API key configured (HIBP / LEAK_LOOKUP_API_KEY)"
+        return None
+
     def print_result(self, result: Dict, check_type: str = "email"):
         print(f"\n{Colors.CYAN}{'='*60}{Colors.RESET}")
         print(f"{Colors.BOLD}Leak/Breach Check Results{Colors.RESET}")
         print(f"{Colors.CYAN}{'='*60}{Colors.RESET}")
 
+        if print_status_notice(result):
+            return
+
         if check_type == "email":
             email = result.get("email", "")
             is_compromised = result.get("is_compromised", False)
diff --git a/modules/module_status.py b/modules/module_status.py
new file mode 100644
index 0000000..336c9c8
--- /dev/null
+++ b/modules/module_status.py
@@ -0,0 +1,124 @@
+"""Standard status vocabulary for module results.
+
+Several PRISM modules depend on third-party API keys (Shodan, VirusTotal,
+AbuseIPDB, Censys, …). When a key is absent or the provider rate-limits us,
+the module should report a clear, machine-readable status instead of failing
+hard, so the dashboard can render a per-module badge.
+
+Every key-dependent module attaches one of the following statuses to its
+result dict via :func:`annotate`. Modules that do not set a status explicitly
+are classified heuristically from their legacy ``error`` field by
+:func:`classify`, keeping backwards compatibility.
+"""
+
+from typing import Any, Dict, Optional
+
+#: Module ran successfully and returned data.
+OK = "ok"
+#: A prerequisite is missing (e.g. no API key configured) — not a failure.
+SKIPPED = "skipped"
+#: The provider throttled the request (HTTP 429 / quota exhausted).
+RATE_LIMITED = "rate_limited"
+#: A genuine error occurred while running the module.
+ERROR = "error"
+
+#: All valid statuses, in severity order.
+ALL = (OK, SKIPPED, RATE_LIMITED, ERROR)
+
+# Substrings used to infer a status from a legacy free-text error message.
+_RATE_LIMIT_HINTS = (
+    "rate limit",
+    "rate-limit",
+    "ratelimit",
+    "429",
+    "too many requests",
+    "quota",
+    "exceeded",
+)
+_SKIPPED_HINTS = (
+    "api key",
+    "api_key",
+    "not set",
+    "not configured",
+    "credentials",
+    "no api",
+    "requires",
+)
+
+
+def classify(result: Any) -> str:
+    """Return the status for a module ``result``.
+
+    Honours an explicit ``status`` field when present and valid; otherwise
+    falls back to inspecting the ``error`` field so legacy modules keep
+    reporting a sensible status.
+    """
+    if not isinstance(result, dict):
+        return OK
+    explicit = result.get("status")
+    if explicit in ALL:
+        return explicit
+    err = result.get("error")
+    if not err:
+        return OK
+    low = str(err).lower()
+    if any(hint in low for hint in _RATE_LIMIT_HINTS):
+        return RATE_LIMITED
+    if any(hint in low for hint in _SKIPPED_HINTS):
+        return SKIPPED
+    return ERROR
+
+
+def reason_for(result: Any) -> Optional[str]:
+    """Return a human-readable explanation for a non-OK status, if any."""
+    if not isinstance(result, dict):
+        return None
+    return result.get("status_reason") or result.get("error")
+
+
+def status_notice(result: Any) -> Optional[str]:
+    """Return a one-line notice for a ``skipped`` / ``rate_limited`` result.
+
+    Returns ``None`` for ``ok`` and ``error`` (callers render those normally).
+    """
+    status = classify(result)
+    if status in (SKIPPED, RATE_LIMITED):
+        label = "Skipped" if status == SKIPPED else "Rate limited"
+        reason = reason_for(result)
+        return f"{label}: {reason}" if reason else label
+    return None
+
+
+def print_status_notice(result: Any) -> bool:
+    """Print a CLI notice for a degraded (skipped/rate-limited) module result.
+
+    Returns ``True`` when a notice was printed so callers can stop rendering.
+    """
+    notice = status_notice(result)
+    if notice is None:
+        return False
+    try:
+        from config import Colors
+        print(f"{Colors.YELLOW}{notice}{Colors.RESET}")
+    except Exception:
+        print(notice)
+    return True
+
+
+def annotate(result: Dict[str, Any], status: str, reason: Optional[str] = None) -> Dict[str, Any]:
+    """Attach a standard ``status`` (and optional human ``reason``) to a result.
+
+    For a genuine ``ERROR`` the ``reason`` is also mirrored into the legacy
+    ``error`` field so existing error-based consumers keep working. For any
+    non-error status the ``error`` field is cleared, so "skipped" /
+    "rate_limited" outcomes are not rendered as hard errors.
+    """
+    result["status"] = status
+    if reason is not None:
+        result["status_reason"] = reason
+    if status == ERROR:
+        if reason is not None:
+            result["error"] = reason
+    else:
+        result["error"] = None
+    return result
diff --git a/modules/shodan_lookup.py b/modules/shodan_lookup.py
index a14cd4c..ba2d417 100644
--- a/modules/shodan_lookup.py
+++ b/modules/shodan_lookup.py
@@ -3,6 +3,7 @@
 import sys
 sys.path.append('..')
 from config import Colors, SHODAN_API_KEY
+from modules.module_status import annotate, print_status_notice, OK, SKIPPED, RATE_LIMITED, ERROR
 
 
 class ShodanLookup:
@@ -31,8 +32,7 @@ def host_info(self, ip: str) -> Dict[str, Any]:
         }
 
         if not self.api_key:
-            result["error"] = "SHODAN_API_KEY not set in .env"
-            return result
+            return annotate(result, SKIPPED, "No API key configured (SHODAN_API_KEY)")
 
         try:
             r = requests.get(
@@ -45,8 +45,9 @@ def host_info(self, ip: str) -> Dict[str, Any]:
                 result["error"] = "No information available for this IP in Shodan"
                 return result
             if r.status_code == 401:
-                result["error"] = "Invalid Shodan API key"
-                return result
+                return annotate(result, ERROR, "Invalid Shodan API key")
+            if r.status_code == 429:
+                return annotate(result, RATE_LIMITED, "Shodan API rate limit reached")
             if r.status_code != 200:
                 result["error"] = f"Shodan API returned {r.status_code}"
                 return result
@@ -82,9 +83,10 @@ def host_info(self, ip: str) -> Dict[str, Any]:
                 services.append(svc)
 
             result["services"] = services
+            result["status"] = OK
 
         except Exception as e:
-            result["error"] = str(e)
+            return annotate(result, ERROR, str(e))
 
         return result
 
@@ -97,8 +99,7 @@ def search(self, query: str, limit: int = 10) -> Dict[str, Any]:
         }
 
         if not self.api_key:
-            result["error"] = "SHODAN_API_KEY not set in .env"
-            return result
+            return annotate(result, SKIPPED, "No API key configured (SHODAN_API_KEY)")
 
         try:
             r = requests.get(
@@ -107,6 +108,8 @@ def search(self, query: str, limit: int = 10) -> Dict[str, Any]:
                 timeout=20,
             )
 
+            if r.status_code == 429:
+                return annotate(result, RATE_LIMITED, "Shodan API rate limit reached")
             if r.status_code != 200:
                 result["error"] = f"Shodan API returned {r.status_code}: {r.text[:200]}"
                 return result
@@ -125,9 +128,10 @@ def search(self, query: str, limit: int = 10) -> Dict[str, Any]:
                         "version": match.get("version"),
                     }
                 )
+            result["status"] = OK
 
         except Exception as e:
-            result["error"] = str(e)
+            return annotate(result, ERROR, str(e))
 
         return result
 
@@ -136,6 +140,8 @@ def print_host_result(self, result: Dict) -> None:
         print(f"{Colors.BOLD}Shodan Host: {result['ip']}{Colors.RESET}")
         print(f"{Colors.CYAN}{'='*60}{Colors.RESET}")
 
+        if print_status_notice(result):
+            return
         if result.get("error"):
             print(f"{Colors.RED}Error: {result['error']}{Colors.RESET}")
             return
@@ -171,6 +177,8 @@ def print_search_result(self, result: Dict) -> None:
         print(f"{Colors.BOLD}Shodan Search: {result['query']}{Colors.RESET}")
         print(f"{Colors.CYAN}{'='*60}{Colors.RESET}")
 
+        if print_status_notice(result):
+            return
         if result.get("error"):
             print(f"{Colors.RED}Error: {result['error']}{Colors.RESET}")
             return
diff --git a/modules/telegram_lookup.py b/modules/telegram_lookup.py
index 2428d1d..cdf2f6b 100644
--- a/modules/telegram_lookup.py
+++ b/modules/telegram_lookup.py
@@ -4,6 +4,7 @@
 import sys
 sys.path.append('..')
 from config import Colors
+from modules.module_status import annotate, print_status_notice, OK, SKIPPED, ERROR
 
 
 class TelegramLookup:
@@ -40,6 +41,7 @@ def lookup_username(self, username: str) -> Dict[str, Any]:
 
             if r.status_code == 404:
                 result["found"] = False
+                result["status"] = OK
                 return result
 
             html = r.text
@@ -79,10 +81,12 @@ def lookup_username(self, username: str) -> Dict[str, Any]:
             if subs_match:
                 result["subscribers"] = subs_match.group(1).strip()
 
+            result["status"] = OK
+
         except requests.exceptions.ConnectionError:
-            result["error"] = "Connection error — Telegram may be blocked. Try with VPN."
+            return annotate(result, ERROR, "Connection error — Telegram may be blocked. Try with VPN.")
         except Exception as e:
-            result["error"] = str(e)
+            return annotate(result, ERROR, str(e))
 
         return result
 
@@ -107,6 +111,7 @@ def lookup_id(self, tg_id: str, bot_token: Optional[str] = None) -> Dict[str, An
                 if data.get("ok") and data.get("result"):
                     chat = data["result"]
                     result["found"] = True
+                    result["status"] = OK
                     result["name"] = (chat.get("first_name", "") + " " + chat.get("last_name", "")).strip() or chat.get("title")
                     result["username"] = chat.get("username")
                     result["entity_type"] = chat.get("type", "unknown")
@@ -118,7 +123,7 @@ def lookup_id(self, tg_id: str, bot_token: Optional[str] = None) -> Dict[str, An
             except Exception as e:
                 result["error"] = str(e)
         else:
-            result["error"] = "ID lookup requires TELEGRAM_BOT_TOKEN — add to .env"
+            annotate(result, SKIPPED, "ID lookup requires TELEGRAM_BOT_TOKEN — add to .env")
             result["hint"] = "Create a bot via @BotFather (free) and add the token to .env"
 
         return result
@@ -131,6 +136,10 @@ def run_lookup(self, target: str, bot_token: Optional[str] = None) -> Dict[str,
 
     def print_result(self, result: Dict[str, Any]) -> None:
         print(f"\n{Colors.BOLD}Telegram Lookup{Colors.RESET}")
+        if print_status_notice(result):
+            if result.get("hint"):
+                print(f"{Colors.YELLOW}Hint:{Colors.RESET} {result['hint']}")
+            return
         if result.get("error"):
             print(f"{Colors.RED}Error:{Colors.RESET} {result['error']}")
             if result.get("hint"):
diff --git a/modules/threat_intel.py b/modules/threat_intel.py
index d63e8fd..fffadf9 100644
--- a/modules/threat_intel.py
+++ b/modules/threat_intel.py
@@ -3,6 +3,7 @@
 import sys
 sys.path.append('..')
 from config import Colors, VIRUSTOTAL_API_KEY, ABUSEIPDB_API_KEY
+from modules.module_status import annotate, print_status_notice, OK, SKIPPED, RATE_LIMITED, ERROR
 
 
 class VirusTotal:
@@ -15,7 +16,7 @@ def __init__(self):
 
     def _get(self, endpoint: str) -> Dict:
         if not self.api_key:
-            return {"error": "VIRUSTOTAL_API_KEY not set in .env"}
+            return annotate({}, SKIPPED, "No API key configured (VIRUSTOTAL_API_KEY)")
         try:
             r = requests.get(
                 f"{self.BASE_URL}{endpoint}",
@@ -26,13 +27,19 @@ def _get(self, endpoint: str) -> Dict:
                 return r.json()
             if r.status_code == 404:
                 return {"error": "Not found in VirusTotal database"}
+            if r.status_code == 429:
+                return annotate({}, RATE_LIMITED, "VirusTotal API rate limit reached")
             return {"error": f"API returned {r.status_code}: {r.text[:200]}"}
         except Exception as e:
             return {"error": str(e)}
 
+    @staticmethod
+    def _failed(raw: Dict) -> bool:
+        return bool(raw.get("error")) or raw.get("status") in (SKIPPED, RATE_LIMITED, ERROR)
+
     def check_ip(self, ip: str) -> Dict[str, Any]:
         raw = self._get(f"/ip_addresses/{ip}")
-        if "error" in raw:
+        if self._failed(raw):
             return {"query": ip, "type": "ip", **raw}
 
         attrs = raw.get("data", {}).get("attributes", {})
@@ -51,11 +58,12 @@ def check_ip(self, ip: str) -> Dict[str, Any]:
             "reputation": attrs.get("reputation", 0),
             "tags": attrs.get("tags", []),
             "error": None,
+            "status": OK,
         }
 
     def check_domain(self, domain: str) -> Dict[str, Any]:
         raw = self._get(f"/domains/{domain}")
-        if "error" in raw:
+        if self._failed(raw):
             return {"query": domain, "type": "domain", **raw}
 
         attrs = raw.get("data", {}).get("attributes", {})
@@ -73,11 +81,15 @@ def check_domain(self, domain: str) -> Dict[str, Any]:
             "creation_date": attrs.get("creation_date"),
             "tags": attrs.get("tags", []),
             "error": None,
+            "status": OK,
         }
 
     def check_url(self, url: str) -> Dict[str, Any]:
         if not self.api_key:
-            return {"query": url, "type": "url", "error": "VIRUSTOTAL_API_KEY not set in .env"}
+            return annotate(
+                {"query": url, "type": "url"}, SKIPPED,
+                "No API key configured (VIRUSTOTAL_API_KEY)",
+            )
         try:
             submit_r = requests.post(
                 f"{self.BASE_URL}/urls",
@@ -85,6 +97,11 @@ def check_url(self, url: str) -> Dict[str, Any]:
                 data={"url": url},
                 timeout=15,
             )
+            if submit_r.status_code == 429:
+                return annotate(
+                    {"query": url, "type": "url"}, RATE_LIMITED,
+                    "VirusTotal API rate limit reached",
+                )
             if submit_r.status_code not in (200, 201):
                 return {"query": url, "type": "url", "error": f"Submit failed: {submit_r.status_code}"}
 
@@ -111,6 +128,7 @@ def check_url(self, url: str) -> Dict[str, Any]:
                 "harmless": stats.get("harmless", 0),
                 "undetected": stats.get("undetected", 0),
                 "error": None,
+                "status": OK,
             }
         except Exception as e:
             return {"query": url, "type": "url", "error": str(e)}
@@ -120,6 +138,8 @@ def print_result(self, result: Dict) -> None:
         print(f"{Colors.BOLD}VirusTotal: {result['query']}{Colors.RESET}")
         print(f"{Colors.CYAN}{'='*60}{Colors.RESET}")
 
+        if print_status_notice(result):
+            return
         if result.get("error"):
             print(f"{Colors.RED}Error: {result['error']}{Colors.RESET}")
             return
@@ -173,8 +193,7 @@ def check_ip(self, ip: str, max_age_days: int = 90) -> Dict[str, Any]:
         }
 
         if not self.api_key:
-            result["error"] = "ABUSEIPDB_API_KEY not set in .env"
-            return result
+            return annotate(result, SKIPPED, "No API key configured (ABUSEIPDB_API_KEY)")
 
         try:
             r = requests.get(
@@ -198,10 +217,13 @@ def check_ip(self, ip: str, max_age_days: int = 90) -> Dict[str, Any]:
                         "last_reported": data.get("lastReportedAt"),
                     }
                 )
+                result["status"] = OK
+            elif r.status_code == 429:
+                return annotate(result, RATE_LIMITED, "AbuseIPDB API rate limit reached")
             else:
                 result["error"] = f"AbuseIPDB returned {r.status_code}"
         except Exception as e:
-            result["error"] = str(e)
+            return annotate(result, ERROR, str(e))
 
         return result
 
@@ -210,6 +232,8 @@ def print_result(self, result: Dict) -> None:
         print(f"{Colors.BOLD}AbuseIPDB: {result['ip']}{Colors.RESET}")
         print(f"{Colors.CYAN}{'='*60}{Colors.RESET}")
 
+        if print_status_notice(result):
+            return
         if result.get("error"):
             print(f"{Colors.RED}Error: {result['error']}{Colors.RESET}")
             return
diff --git a/tests/test_module_status.py b/tests/test_module_status.py
new file mode 100644
index 0000000..fd6510e
--- /dev/null
+++ b/tests/test_module_status.py
@@ -0,0 +1,138 @@
+"""Tests for the standard module status enum and graceful degradation when a
+key-dependent module has no API key (issue #61)."""
+
+import os
+import sys
+
+import pytest
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), ".."))
+
+from modules.module_status import (
+    annotate,
+    classify,
+    reason_for,
+    status_notice,
+    OK,
+    SKIPPED,
+    RATE_LIMITED,
+    ERROR,
+    ALL,
+)
+
+
+class TestStatusNotice:
+    def test_notice_for_skipped(self):
+        result = annotate({}, SKIPPED, "No API key configured (SHODAN_API_KEY)")
+        assert status_notice(result) == "Skipped: No API key configured (SHODAN_API_KEY)"
+
+    def test_notice_for_rate_limited(self):
+        result = annotate({}, RATE_LIMITED, "Shodan API rate limit reached")
+        assert status_notice(result) == "Rate limited: Shodan API rate limit reached"
+
+    def test_no_notice_for_ok_or_error(self):
+        assert status_notice({"status": OK}) is None
+        assert status_notice({"error": "boom"}) is None
+
+
+class TestClassify:
+    def test_explicit_status_is_honoured(self):
+        assert classify({"status": SKIPPED}) == SKIPPED
+        assert classify({"status": RATE_LIMITED, "error": "anything"}) == RATE_LIMITED
+
+    def test_no_error_is_ok(self):
+        assert classify({"error": None}) == OK
+        assert classify({}) == OK
+
+    def test_non_dict_is_ok(self):
+        # Some modules (e.g. blackbird) return lists.
+        assert classify([1, 2, 3]) == OK
+        assert classify(None) == OK
+
+    def test_missing_key_text_is_skipped(self):
+        assert classify({"error": "SHODAN_API_KEY not set in .env"}) == SKIPPED
+        assert classify({"error": "Leak-Lookup API key not configured"}) == SKIPPED
+        assert classify({"error": "Invalid Censys credentials"}) == SKIPPED
+
+    def test_rate_limit_text_is_rate_limited(self):
+        assert classify({"error": "API returned 429: too many requests"}) == RATE_LIMITED
+        assert classify({"error": "You have exceeded your quota"}) == RATE_LIMITED
+
+    def test_generic_error_is_error(self):
+        assert classify({"error": "Connection refused"}) == ERROR
+
+    def test_invalid_explicit_status_falls_back(self):
+        assert classify({"status": "bogus", "error": "boom"}) == ERROR
+
+
+class TestAnnotate:
+    def test_non_error_status_clears_error(self):
+        result = {"error": "SHODAN_API_KEY not set"}
+        annotate(result, SKIPPED, "No API key configured (SHODAN_API_KEY)")
+        assert result["status"] == SKIPPED
+        assert result["error"] is None
+        assert result["status_reason"] == "No API key configured (SHODAN_API_KEY)"
+
+    def test_error_status_keeps_error_semantics(self):
+        result = {}
+        annotate(result, ERROR, "Connection refused")
+        assert result["status"] == ERROR
+        assert result["status_reason"] == "Connection refused"
+
+    def test_reason_for_prefers_status_reason(self):
+        assert reason_for({"status_reason": "nice", "error": "raw"}) == "nice"
+        assert reason_for({"error": "raw"}) == "raw"
+        assert reason_for({}) is None
+
+    def test_all_statuses_are_unique(self):
+        assert ALL == (OK, SKIPPED, RATE_LIMITED, ERROR)
+        assert len(set(ALL)) == 4
+
+
+class TestKeyDependentModulesSkip:
+    """Each key-dependent module should report `skipped` (not a hard error)
+    when its API key is absent."""
+
+    def test_shodan_skipped_without_key(self):
+        from modules.shodan_lookup import ShodanLookup
+        sh = ShodanLookup()
+        sh.api_key = ""
+        result = sh.host_info("8.8.8.8")
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+
+    def test_virustotal_skipped_without_key(self):
+        from modules.threat_intel import VirusTotal
+        vt = VirusTotal()
+        vt.api_key = ""
+        result = vt.check_ip("8.8.8.8")
+        assert classify(result) == SKIPPED
+
+    def test_abuseipdb_skipped_without_key(self):
+        from modules.threat_intel import AbuseIPDB
+        adb = AbuseIPDB()
+        adb.api_key = ""
+        result = adb.check_ip("8.8.8.8")
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+
+    def test_censys_skipped_without_key(self):
+        from modules.censys_lookup import CensysLookup
+        cl = CensysLookup()
+        cl.api_id = ""
+        cl.api_secret = ""
+        assert classify(cl.search_ip("8.8.8.8")) == SKIPPED
+        assert classify(cl.search_domain("example.com")) == SKIPPED
+
+    def test_leak_lookup_skipped_without_key(self):
+        from modules.leak_lookup import LeakLookup
+        ll = LeakLookup()
+        ll.leak_lookup_key = ""
+        result = ll.check_leak_lookup("a@b.com")
+        assert classify(result) == SKIPPED
+
+    def test_telegram_id_skipped_without_token(self):
+        from modules.telegram_lookup import TelegramLookup
+        result = TelegramLookup().lookup_id("123456", bot_token=None)
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
diff --git a/tests/test_modules_extended.py b/tests/test_modules_extended.py
index df1dda1..bc5a2af 100644
--- a/tests/test_modules_extended.py
+++ b/tests/test_modules_extended.py
@@ -298,7 +298,9 @@ def json(self):
                 return []
 
         monkeypatch.setattr(requests, "get", lambda *a, **k: MockResp())
-        result = LeakLookup().check_email_hibp("clean@example.com")
+        ll = LeakLookup()
+        ll.hibp_key = "fakekey"
+        result = ll.check_email_hibp("clean@example.com")
         assert result["breached"] is False
         assert result["total_breaches"] == 0
         assert result["error"] is None
@@ -318,14 +320,33 @@ def json(self):
                 ]
 
         monkeypatch.setattr(requests, "get", lambda *a, **k: MockResp())
-        result = LeakLookup().check_email_hibp("breached@example.com")
+        ll = LeakLookup()
+        ll.hibp_key = "fakekey"
+        result = ll.check_email_hibp("breached@example.com")
         assert result["breached"] is True
         assert result["total_breaches"] == 1
         assert result["breaches"][0]["name"] == "Adobe"
 
+    def test_check_email_hibp_no_key_skips_without_request(self, monkeypatch):
+        import requests
+        from modules.leak_lookup import LeakLookup
+        from modules.module_status import classify, SKIPPED
+
+        def _fail(*a, **k):
+            raise AssertionError("HIBP must not be called without a key")
+
+        monkeypatch.setattr(requests, "get", _fail)
+        ll = LeakLookup()
+        ll.hibp_key = ""
+        result = ll.check_email_hibp("x@example.com")
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+        assert "HIBP_API_KEY" in result["status_reason"]
+
     def test_check_email_hibp_401(self, monkeypatch):
         import requests
         from modules.leak_lookup import LeakLookup
+        from modules.module_status import classify, SKIPPED
 
         class MockResp:
             status_code = 401
@@ -333,9 +354,12 @@ def json(self):
                 return {}
 
         monkeypatch.setattr(requests, "get", lambda *a, **k: MockResp())
-        result = LeakLookup().check_email_hibp("x@example.com")
-        assert result["error"] is not None
-        assert "API key" in result["error"]
+        ll = LeakLookup()
+        ll.hibp_key = "fakekey"
+        result = ll.check_email_hibp("x@example.com")
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+        assert "HIBP" in result["status_reason"]
 
     def test_check_password_pwned(self, monkeypatch):
         import requests
@@ -372,8 +396,10 @@ def test_leak_lookup_no_api_key(self, monkeypatch):
         ll = LeakLookup()
         ll.leak_lookup_key = ""
         result = ll.check_leak_lookup("test@example.com")
-        assert result["error"] is not None
-        assert "not configured" in result["error"]
+        from modules.module_status import classify, SKIPPED
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+        assert "API key" in result["status_reason"]
 
     def test_check_email_full_structure(self, monkeypatch):
         import requests
@@ -402,8 +428,10 @@ def test_no_api_key(self, monkeypatch):
         monkeypatch.setattr("modules.threat_intel.VIRUSTOTAL_API_KEY", "")
         vt = VirusTotal()
         result = vt.check_ip("1.2.3.4")
-        assert result["error"] is not None
-        assert "not set" in result["error"]
+        from modules.module_status import classify, SKIPPED
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+        assert "API key" in result["status_reason"]
 
     def test_check_ip_success(self, monkeypatch):
         import requests
@@ -468,7 +496,10 @@ def test_no_api_key(self, monkeypatch):
         monkeypatch.setattr("modules.threat_intel.ABUSEIPDB_API_KEY", "")
         adb = AbuseIPDB()
         result = adb.check_ip("1.2.3.4")
-        assert result["error"] is not None
+        from modules.module_status import classify, SKIPPED
+        assert classify(result) == SKIPPED
+        assert result["error"] is None
+        assert "API key" in result["status_reason"]
 
     def test_check_ip_success(self, monkeypatch):
         import requests
diff --git a/tests/test_v2_1_modules.py b/tests/test_v2_1_modules.py
index 1c70494..bd6be5f 100644
--- a/tests/test_v2_1_modules.py
+++ b/tests/test_v2_1_modules.py
@@ -50,15 +50,18 @@ def raise_network(*a, **k):
 
 
 class TestCensysLookup:
-    def test_no_credentials_returns_error(self, monkeypatch):
+    def test_no_credentials_returns_skipped(self, monkeypatch):
         monkeypatch.setattr("modules.censys_lookup.CENSYS_API_ID", "")
         monkeypatch.setattr("modules.censys_lookup.CENSYS_API_SECRET", "")
         from modules.censys_lookup import CensysLookup
+        from modules.module_status import classify, SKIPPED
         cl = CensysLookup()
         cl.api_id = ""
         cl.api_secret = ""
         result = cl.search_ip("8.8.8.8")
-        assert "not set" in (result.get("error") or "")
+        assert classify(result) == SKIPPED
+        assert result.get("error") is None
+        assert "API key" in result.get("status_reason", "")
 
     def test_search_ip_success(self, monkeypatch):
         import requests
diff --git a/web/app.py b/web/app.py
index ccc1545..441cc60 100644
--- a/web/app.py
+++ b/web/app.py
@@ -23,6 +23,7 @@
 import config
 
 from modules.graph_builder import build_graph
+from modules.module_status import classify, reason_for, OK, ERROR
 from modules.opsec_score import score_from_results
 from modules.report_generator import generate_html_report, generate_pdf_report
 from modules.webhook_formatters import format_slack, format_discord
@@ -299,13 +300,27 @@ async def _push(scan_id: str, msg: Dict) -> None:
 
 _CACHED_MODULES = {"shodan", "hlr", "virustotal", "abuseipdb", "geoip"}
 
+def _done_message(name: str, result: Any, cached: bool = False) -> Dict[str, Any]:
+    status = classify(result)
+    msg: Dict[str, Any] = {"type": "module_done", "module": name, "status": status}
+    if cached:
+        msg["cached"] = True
+    reason = reason_for(result)
+    if reason and status != OK:
+        msg["reason"] = reason
+        if status == ERROR:
+            msg["error"] = reason
+    return msg
+
+
 async def _run_module(scan_id: str, name: str, coro_or_func, *args, **kwargs) -> Any:
     await _push(scan_id, {"type": "module_start", "module": name})
     cache_target = args[0] if args else None
     if name in _CACHED_MODULES and cache_target:
         cached = _get_cached(name, str(cache_target))
-        if cached is not None:
-            await _push(scan_id, {"type": "module_done", "module": name, "status": "ok", "cached": True})
+        # Ignore legacy non-OK cache entries so the module can re-run.
+        if cached is not None and classify(cached) == OK:
+            await _push(scan_id, _done_message(name, cached, cached=True))
             return cached
     try:
         if asyncio.iscoroutinefunction(coro_or_func):
@@ -313,13 +328,17 @@ async def _run_module(scan_id: str, name: str, coro_or_func, *args, **kwargs) ->
         else:
             loop = asyncio.get_event_loop()
             result = await loop.run_in_executor(None, lambda: coro_or_func(*args, **kwargs))
-        if name in _CACHED_MODULES and cache_target and not (isinstance(result, dict) and result.get("error")):
+        status = classify(result)
+        if isinstance(result, dict) and "status" not in result:
+            result["status"] = status
+        # Cache only successful results so a missing key is not frozen in cache.
+        if name in _CACHED_MODULES and cache_target and status == OK:
             _set_cache(name, str(cache_target), result)
-        await _push(scan_id, {"type": "module_done", "module": name, "status": "ok"})
+        await _push(scan_id, _done_message(name, result))
         return result
     except Exception as exc:
-        await _push(scan_id, {"type": "module_done", "module": name, "status": "error", "error": str(exc)})
-        return {"error": str(exc)}
+        await _push(scan_id, {"type": "module_done", "module": name, "status": ERROR, "error": str(exc)})
+        return {"error": str(exc), "status": ERROR}
 
 async def _execute_scan(scan_id: str, target: str, scan_type: str, modules: list, webhook_url: Optional[str] = None) -> None:
     results: Dict[str, Any] = {}
@@ -484,7 +503,7 @@ def want(name: str) -> bool:
         await _push(scan_id, {"type": "module_start", "module": "opsec_score"})
         opsec = score_from_results(results)
         results["opsec_score"] = opsec
-        await _push(scan_id, {"type": "module_done", "module": "opsec_score", "status": "ok"})
+        await _push(scan_id, {"type": "module_done", "module": "opsec_score", "status": OK})
 
         graph = build_graph(target, scan_type, results)
         results["graph"] = graph