Recruitly CRM
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Recruitly CRM connector that uses a user-provided token to let an agent query CRM records through Recruitly's MCP endpoint.
Install this only if you trust Recruitly's MCP endpoint and are comfortable letting your agent access CRM data visible to your Recruitly account. Use a least-privileged account or token where possible, keep RECRUITLY_TOKEN out of shared logs and chats, and avoid pulling sensitive candidate or client data into conversations unless your organization allows it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.