Recruitee
v1.0.2Recruitee integration. Manage Companies. Use when the user wants to interact with Recruitee data.
⭐ 0· 220·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Recruitee and all runtime instructions center on installing and using the Membrane CLI to connect to Recruitee. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
SKILL.md instructs the agent to use membrane CLI commands (login, connect, action list/run, request proxy). This stays within the integration's scope, but the documented 'proxy' capability allows sending arbitrary API requests to Recruitee through Membrane — a powerful feature that can read, modify, or delete data if used with the user's credentials.
Install Mechanism
No install spec in the skill bundle itself; the README tells users to run 'npm install -g @membranehq/cli'. Installing a global npm package is a common mechanism but has moderate risk (package install scripts run on install, modifies global environment). The package comes from the public npm registry which is expected for this purpose — users should review the package or use a controlled environment if concerned.
Credentials
The skill requests no environment variables or credentials in its manifest. Authentication is delegated to Membrane (interactive browser flow). This matches the described behavior and does not ask for unrelated secrets.
Persistence & Privilege
The skill is instruction-only, has no 'always' flag, and does not request persistent system-level changes in its files. It does require installing the Membrane CLI (user-controlled) but does not demand elevated privileges in the skill manifest.
Assessment
This skill is coherent: it delegates auth and API calls to the Membrane CLI and does not request secrets itself. Before installing, review the @membranehq/cli package (npm page, source repo) or install it in a sandbox/VM to verify behavior. Be aware that once connected, Membrane can issue arbitrary Recruitee API calls (including destructive ones like delete-candidate) using your account — grant least privilege on the Recruitee side and confirm which connector scopes are requested during authentication. If you cannot review the CLI, consider creating a dedicated Membrane/Recruitee account with limited permissions for integration testing.Like a lobster shell, security has layers — review code before you run it.
latestvk975z48ss2yzwr39qxtfwca9td842k5s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.