Pipeworx ashby

Security checks across malware telemetry and agentic risk

Overview

Review carefully: this remote Ashby connector can access sensitive candidate and hiring data, but the artifacts do not explain authentication, permission scope, or data handling by the gateway.

Before installing, confirm who operates gateway.pipeworx.io, how it authenticates to Ashby, whether access is read-only or can modify ATS records, what data it stores or logs, and whether its permissions are limited to the jobs and candidate records you intend to use.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication (severity: Medium)
What this means

Candidate personal information, resumes, and interview records could be exposed to or processed by a third-party gateway whose controls are not documented here.

Why it was flagged

The skill routes sensitive ATS data through an external MCP gateway, but the artifacts do not describe gateway identity guarantees, authorization, retention, or data handling boundaries.

Skill content
Returns names, emails... Returns contact info, resume, interview history... "url": "https://gateway.pipeworx.io/ashby/mcp"
Recommendation

Only use this after verifying Pipeworx's Ashby MCP gateway, authentication method, data retention policy, and which Ashby permissions it receives.

ASI03: Identity and Privilege Abuse (severity: Medium)
What this means

A user may not know what account access is being granted or whether the connector has broader Ashby permissions than expected.

Why it was flagged

The registry declares no credential contract even though the skill claims to access private Ashby ATS records, making the required account authority and permission scope unclear.

Skill content
Required env vars: none; Env var declarations: none; Primary credential: none
Recommendation

Require explicit documentation of the authentication flow, minimal Ashby scopes, and whether access is read-only before installing.

ASI04: Agentic Supply Chain Vulnerabilities (severity: Low)
What this means

Users have limited ability to inspect how requests and ATS data are handled behind the remote service.

Why it was flagged

The reviewed package provides only instructions and a remote MCP endpoint, so the actual gateway implementation and provenance are not visible in the artifacts.

Skill content
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Recommendation

Prefer a connector with clear publisher identity, documentation, and auditable implementation details, especially for HR data.