Generect API
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Generect API wrapper for lead and email lookup, with expected API-key and external-service use that users should review before enabling.
Before installing, confirm you trust Generect with the API key and the lead/company/email queries you submit. If using MCP, prefer a pinned reviewed package or trusted remote endpoint, and treat email validation as deliverability—not as consent or legal permission to send outreach.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may consume Generect API credits and expose user-submitted lead, company, or email queries to the Generect service.
The wrapper uses the user's Generect API key for authenticated requests. This is expected for the service, but it means usage is tied to the user's Generect account and quota.
AUTH="Authorization: Token ${GENERECT_API_KEY:?Set GENERECT_API_KEY}"Use a dedicated Generect API key if possible, monitor usage, and avoid submitting data you do not want processed by Generect.
If the optional MCP path is used, npm package updates could alter behavior without the skill artifacts changing.
The optional local MCP setup uses an unpinned npm package at the latest version. This is user-directed and purpose-aligned, but the code fetched by npx could change over time.
Local: `npx -y generect-ultimate-mcp@latest` with env `GENERECT_API_KEY`
Prefer a pinned, reviewed MCP package version before using the local MCP alternative.
Using the remote MCP option gives the remote MCP service access to the Generect API credential and related tool requests.
The skill documents an optional remote MCP integration that would send an authorization token to a remote MCP endpoint and expose Generect tools through that channel.
Remote: `mcp-remote https://mcp.generect.com/mcp --header "Authorization: Bearer Token API_KEY"`
Only use the remote MCP option if you trust the provider endpoint and are comfortable sending the API token through that integration.
A user or agent might treat a valid email result as authorization to contact someone, even though validation does not address consent, legality, or outreach policy.
The phrase could be over-read as a broad safety or compliance claim, although in context it appears to refer to email deliverability.
Email finder uses AI permutations + validation; `valid` results are safe to send
Treat validation results as technical deliverability information only and apply your own outreach, consent, and compliance checks.