Personio Recruiting
Security checks across malware telemetry and agentic risk
Overview
The skill's purpose matches Personio Recruiting, but it exposes broad authenticated access to make direct Personio API requests, including write and delete methods, without clear guardrails.
Install only if you trust Membrane and are comfortable connecting it to Personio Recruiting. Treat read-only queries differently from changes: require explicit approval for any create, update, patch, or delete request, and review the exact API endpoint and payload before allowing the agent to run it.
VirusTotal
65/65 vendors reported this skill as clean (no detections).
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could make broad changes to Personio Recruiting records once a user authorizes the connection and then asks for, or the agent infers, an action that changes data.
The skill documents a broad authenticated API escape hatch, including write and delete methods, without visible limits or confirmation requirements for high-impact recruiting-data changes.
“you can send requests directly to the Personio Recruiting API through Membrane's proxy” ... “HTTP method (GET, POST, PUT, PATCH, DELETE)”
Require explicit user approval before POST, PUT, PATCH, or DELETE requests; prefer the narrowly scoped actions the CLI discovers (action list) over raw proxy requests; review the exact endpoint, payload, and expected effect before running proxy commands.
The connected account may allow reading or changing recruiting data such as candidates, job offers, requisitions, schedules, or templates.
The integration requires delegated Membrane/Personio authentication and ongoing credential refresh, which is expected for this service but sensitive.
“Membrane handles authentication and credentials refresh automatically” and “membrane login --tenant --clientName=<agentType>”
Use the least-privileged Personio/Membrane account available, confirm the connection scope, and revoke the connection when it is no longer needed.
Installing the latest global CLI means future package changes could affect what runs locally.
The skill relies on installing/running the latest Membrane CLI from npm rather than a pinned version. This is central to the stated integration but leaves behavior dependent on the current package.
“npm install -g @membranehq/cli@latest” and “npx @membranehq/cli@latest action list”
Install only from a trusted npm registry, verify the package publisher, and pin the CLI to an exact version with a lockfile integrity hash in controlled environments, reviewing updates before adopting them.
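A pre-install check for the pinning recommendation above, as an added example written for this review (not code from the skill or Membrane): it rejects an install spec that uses a dist-tag or range instead of an exact version, confirms the package name is the expected one, and checks that the package-lock entry resolves to the expected registry with an sha512 integrity hash. The version 1.2.3 and the lock entry are constructed for illustration, not real release data.

```javascript
// Added example, not the skill's or Membrane's own code. The sample lock
// entry and version below are constructed, not real release data.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Split "@scope/name@spec" into name and version spec. Scoped names start
// with "@", so the separator is the first "@" after position 0.
function parseSpec(spec) {
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  if (at === -1) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// "@latest", "^1.2.3" or no spec at all resolve to whatever is published
// at install time; only an exact version is reproducible.
function isPinnedSpec(spec) {
  const { version } = parseSpec(spec);
  return version !== null && EXACT_SEMVER.test(version);
}

// package-lock.json (lockfileVersion 2/3) records a "resolved" tarball URL
// and an "integrity" SRI string per package; npm verifies the hash on install.
function lockEntryIsVerifiable(entry, registryHost = "registry.npmjs.org") {
  if (!entry || typeof entry !== "object") return false;
  let host;
  try {
    host = new URL(entry.resolved).host;
  } catch {
    return false;
  }
  return (
    host === registryHost &&
    typeof entry.integrity === "string" &&
    entry.integrity.startsWith("sha512-")
  );
}

// Returns a list of problems; an empty list means the install is pinned,
// named as expected, and backed by a verifiable lock entry.
function auditInstall(spec, lockEntry, expectedName = "@membranehq/cli") {
  const problems = [];
  const { name, version } = parseSpec(spec);
  if (name !== expectedName) problems.push(`unexpected package name ${name}`);
  if (!isPinnedSpec(spec)) {
    problems.push(`version "${version ?? "(none)"}" is not an exact pin`);
  }
  if (lockEntry && version && lockEntry.version !== version) {
    problems.push("lock entry version does not match the install spec");
  }
  if (!lockEntryIsVerifiable(lockEntry)) {
    problems.push("no verifiable lock entry (expected registry + sha512 integrity)");
  }
  return problems;
}

// Constructed sample lock entry (hypothetical version and hash).
const SAMPLE_LOCK_ENTRY = {
  version: "1.2.3",
  resolved: "https://registry.npmjs.org/@membranehq/cli/-/cli-1.2.3.tgz",
  integrity: "sha512-" + "A".repeat(86) + "==",
};

// Usage: the spec from the skill's install instructions fails the audit;
// an exact pin with a matching lock entry passes.
console.log(auditInstall("@membranehq/cli@latest", null));
console.log(auditInstall("@membranehq/cli@1.2.3", SAMPLE_LOCK_ENTRY));
```

Run the audit against the exact string that will be passed to npm; an `npx @membranehq/cli@latest ...` invocation bypasses any lockfile, so the same check applies to the spec in every command, not just the global install.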
Candidate and hiring data may pass through Membrane infrastructure as part of normal use.
Personio API traffic and authentication handling are routed through Membrane as a gateway. This is disclosed and purpose-aligned, but it affects sensitive recruiting data boundaries.
“send requests directly to the Personio Recruiting API through Membrane's proxy” and “injects the correct authentication headers”
Confirm Membrane’s privacy, retention, and compliance posture before using this with sensitive applicant or HR data.
