Recruitly CRM

Review

Audited by ClawScan on May 1, 2026.

Overview

This looks like a disclosed Recruitly CRM connector, but it requires a Recruitly OAuth token and can access sensitive recruiting data through a remote MCP server.

This skill appears purpose-aligned for Recruitly CRM access. Before installing, verify that the MCP endpoint is officially operated by Recruitly, use a least-privileged token/account where possible, and avoid bringing sensitive candidate or business data into chats unless your organization permits it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or anything with access to this token may be able to read Recruitly CRM data visible to the user's account.

Why it was flagged

The skill requires a bearer OAuth token for the user's Recruitly account, which is expected for this integration but grants account-level access through the MCP server.

Skill content

"Authorization": "Bearer ${RECRUITLY_TOKEN}"

Recommendation

Use the least-privileged Recruitly account or token available, keep the token out of shared logs and chats, and revoke or rotate it if it may have been exposed.

What this means

Candidate, contact, job, pipeline, or team-performance information may be processed through the remote MCP service and exposed in the agent's conversation context.

Why it was flagged

The skill routes CRM requests through a remote MCP endpoint, so recruiting queries and returned CRM data cross the agent-to-provider boundary.

Skill content

"baseUrl": "https://mcp.recruitly.dev/mcp"

Recommendation

Install only if you trust the Recruitly MCP endpoint, avoid unnecessary sensitive queries, and review your organization's privacy and retention expectations for CRM data used in chat.

What this means

A user who does not verify the publisher and endpoint could grant CRM-token access to a connector they have not confirmed is official.

Why it was flagged

The registry metadata does not identify the source publisher; because the setup uses a remote MCP endpoint and a bearer token, provenance should be verified before use.

Skill content

Source: unknown

Recommendation

Confirm the skill, endpoint, and token setup from Recruitly's official documentation before entering or exporting the token.