Skip to main content
Glama
yessGlory17

JobVerify

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
check_emailA

Assess a recruiter's email: disposable domain, free provider, MX records, and (if given) whether it matches the claimed company's domain.

Use when: you have the sender's email address. Returns a risk-scored result (red/yellow/green) with findings.

check_domainA

Look up domain registration via RDAP and assess its age. Freshly registered domains posing as established companies are a strong scam signal.

Use when: you have a company website, job-portal link, or email domain.

check_ipA

Check an IP against local blocklists (FireHOL abuse aggregate + Tor exit list) and identify its ASN/org/country (iptoasn) with a hosting/datacenter heuristic. No API key. Blocklisted or datacenter IPs are red flags.

Use when: you have an originating IP (e.g. from email headers).

check_phoneA

Validate a phone number (offline, libphonenumber): validity, type (mobile/VoIP/premium), region, carrier. VoIP/invalid numbers are red flags.

Use when: a recruiter gives a phone/WhatsApp number.

check_urlA

Check a URL/domain against local phishing + malware blocklists — no API key. Uses Phishing.Database (~390k phishing domains) and the URLhaus recent feed (malware URLs). Any hit means high risk.

Use when: the offer contains a link (application portal, form, download).

check_waybackA

Check the Internet Archive history of a URL (e.g. a LinkedIn profile or company site). A missing or very recent first snapshot suggests a new page. This is the legal proxy for 'account age' since LinkedIn hides creation dates.

Use when: you have a profile/company URL and want an age lower-bound.

fetch_archived_pageA

Fetch the archived TEXT of a page from the Internet Archive (no key). This is the legal way to read a LinkedIn profile/company page — it reads the web.archive.org snapshot, NOT LinkedIn live. Returns the extracted text plus the snapshot date so you can evaluate the recruiter's headline/company or a company page's about text.

Use when: you have a LinkedIn (or company) URL and want to evaluate its content.

verify_companyA

Search the global LEI database (GLEIF, no API key) for a company name. A match with ACTIVE status is strong evidence the entity is real. Note that only entities with an LEI are listed, so 'no match' is weak evidence.

Use when: a company name is claimed in the offer.

check_crypto_addressA

Check a BTC/EVM crypto address against open scam databases (no key). Any request to pay or receive crypto for a job is itself a major red flag; a listed address is a strong fraud signal.

Use when: extract_entities found a crypto address in the message.

check_scam_patternsA

Scan message text for known recruiter/job-scam tactics (offline, no key): advance fee, fake check, equipment purchase, task scam, reshipping, crypto payment, personal-docs-early, off-platform push, urgency, no-interview offer.

Use when: you have the raw offer text and want deterministic TTP hits.

check_certificate_transparencyA

Look up a domain's SSL certificate history via crt.sh (no key). A cert first seen only days ago = fresh phishing infrastructure; a long history and many subdomains = established. Complements check_domain (RDAP age).

Use when: you have a company/link domain and want infra age corroboration.

find_lookalike_domainsA

Generate typo/homoglyph/TLD permutations of a REAL brand domain and return the ones that actually resolve in DNS (no key). Live look-alikes are prime fake-recruiter / phishing infrastructure.

Use when: you know the real company domain and want to hunt impersonators.

check_email_footprintA

Check an email's public Gravatar profile & linked social accounts (no key). An established identity is a mild legitimacy signal; a throwaway scam address usually has none. Corroborate the linked accounts against the recruiter.

Use when: you want a quick digital-footprint read on a sender's email.

check_usernameA

Check a username/handle across GitHub, Reddit and Keybase (no key). Reveals online history and (via GitHub) account age. A handle that exists nowhere is a sock-puppet signal. For broader coverage, also web-search the username.

Use when: you have a recruiter's handle/username to vet.

search_company_newsA

Search regional/local news for a company via Google News RSS (no key). Especially useful for SMALL companies that GLEIF/SEC don't cover: a real firm usually has some press footprint in its region, and any headline flagging it as a scam/fraud is decisive.

IMPORTANT: determine the company's ACTUAL country FIRST (from its stated HQ address, its website's ccTLD, its GLEIF jurisdiction, or a web search) and pass it as country (or pass company_domain to infer it). Do NOT rely on a default region — searching the wrong country hides real local coverage and a "no news" result then means nothing.

Use when: verifying a small/local company beyond registries.

verify_addressA

Geocode a physical address via OpenStreetMap (no key) and assess whether it resolves and is a business vs residential location. A company 'HQ' that does not resolve, or resolves to a house, is a red flag.

Use when: an offer lists a company address to verify.

check_github_orgA

Verify a company's GitHub organization (no key): whether it exists, its age, repo count, and whether its website matches the company domain. A real tech company usually has a GitHub org linking back to its site; a scam rarely does.

Use when: the company claims to build software/tech.

extract_entitiesA

Parse a raw recruiter message into structured entities (offline, no key): emails, domains, URLs, LinkedIn URLs, phone numbers, IPs, crypto addresses, and off-platform (WhatsApp/Telegram) mentions. Run this FIRST, then feed each entity to the specific check_* tools so nothing is missed.

Use when: you have a raw message/offer and want the entities to investigate.

parse_email_headersA

Analyze raw email headers for spoofing (offline, no key): SPF/DKIM/DMARC results, From vs Return-Path vs Reply-To mismatches (reply-hijacking), and the real originating IP (feed it to check_ip).

Use when: the user can paste the full raw headers of a suspicious email.

check_domain_authA

Check a domain's SPF and DMARC DNS records (no key). A domain with no SPF and weak/absent DMARC (p=none) is trivially spoofable — so a 'recruiter' email from it is easy to fake. Strong DMARC + SPF means hard to impersonate.

Use when: you have the sender's / company's domain.

check_typosquattingA

Detect lookalike / typosquatting / homograph domains (offline, no key): brand embedded with extra words ('google-careers'), near-miss typos ('linkedln'), IDN/punycode confusables, and high-abuse TLDs ('.top').

Use when: you have a domain and a real brand it might be impersonating.

Prompts

Interactive templates invoked by user choice

NameDescription
analyzeOne entry point: analyze anything scam-related — a pasted recruiter message/offer, a company name, a person/handle, a URL, or email headers. The agent auto-detects what it's given and runs the right tools.

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yessGlory17/job-verify'

If you have feedback or need assistance with the MCP directory API, please join our Discord server