JobVerify
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| check_emailA | Assess a recruiter's email: disposable domain, free provider, MX records, and (if given) whether it matches the claimed company's domain. Use when: you have the sender's email address. Returns a risk-scored result (red/yellow/green) with findings. |
| check_domainA | Look up domain registration via RDAP and assess its age. Freshly registered domains posing as established companies are a strong scam signal. Use when: you have a company website, job-portal link, or email domain. |
| check_ipA | Check an IP against local blocklists (FireHOL abuse aggregate + Tor exit list) and identify its ASN/org/country (iptoasn) with a hosting/datacenter heuristic. No API key. Blocklisted or datacenter IPs are red flags. Use when: you have an originating IP (e.g. from email headers). |
| check_phoneA | Validate a phone number (offline, libphonenumber): validity, type (mobile/VoIP/premium), region, carrier. VoIP/invalid numbers are red flags. Use when: a recruiter gives a phone/WhatsApp number. |
| check_urlA | Check a URL/domain against local phishing + malware blocklists — no API key. Uses Phishing.Database (~390k phishing domains) and the URLhaus recent feed (malware URLs). Any hit means high risk. Use when: the offer contains a link (application portal, form, download). |
| check_waybackA | Check the Internet Archive history of a URL (e.g. a LinkedIn profile or company site). A missing or very recent first snapshot suggests a new page. This is the legal proxy for 'account age' since LinkedIn hides creation dates. Use when: you have a profile/company URL and want an age lower-bound. |
| fetch_archived_pageA | Fetch the archived TEXT of a page from the Internet Archive (no key). This is the legal way to read a LinkedIn profile/company page — it reads the web.archive.org snapshot, NOT LinkedIn live. Returns the extracted text plus the snapshot date so you can evaluate the recruiter's headline/company or a company page's about text. Use when: you have a LinkedIn (or company) URL and want to evaluate its content. |
| verify_companyA | Search the global LEI database (GLEIF, no API key) for a company name. A match with ACTIVE status is strong evidence the entity is real. Note that only entities with an LEI are listed, so 'no match' is weak evidence. Use when: a company name is claimed in the offer. |
| check_crypto_addressA | Check a BTC/EVM crypto address against open scam databases (no key). Any request to pay or receive crypto for a job is itself a major red flag; a listed address is a strong fraud signal. Use when: extract_entities found a crypto address in the message. |
| check_scam_patternsA | Scan message text for known recruiter/job-scam tactics (offline, no key): advance fee, fake check, equipment purchase, task scam, reshipping, crypto payment, personal-docs-early, off-platform push, urgency, no-interview offer. Use when: you have the raw offer text and want deterministic TTP hits. |
| check_certificate_transparencyA | Look up a domain's SSL certificate history via crt.sh (no key). A cert first seen only days ago = fresh phishing infrastructure; a long history and many subdomains = established. Complements check_domain (RDAP age). Use when: you have a company/link domain and want infra age corroboration. |
| find_lookalike_domainsA | Generate typo/homoglyph/TLD permutations of a REAL brand domain and return the ones that actually resolve in DNS (no key). Live look-alikes are prime fake-recruiter / phishing infrastructure. Use when: you know the real company domain and want to hunt impersonators. |
| check_email_footprintA | Check an email's public Gravatar profile & linked social accounts (no key). An established identity is a mild legitimacy signal; a throwaway scam address usually has none. Corroborate the linked accounts against the recruiter. Use when: you want a quick digital-footprint read on a sender's email. |
| check_usernameA | Check a username/handle across GitHub, Reddit and Keybase (no key). Reveals online history and (via GitHub) account age. A handle that exists nowhere is a sock-puppet signal. For broader coverage, also web-search the username. Use when: you have a recruiter's handle/username to vet. |
| search_company_newsA | Search regional/local news for a company via Google News RSS (no key). Especially useful for SMALL companies that GLEIF/SEC don't cover: a real firm usually has some press footprint in its region, and any headline flagging it as a scam/fraud is decisive. IMPORTANT: determine the company's ACTUAL country FIRST (from its stated HQ
address, its website's ccTLD, its GLEIF jurisdiction, or a web search) and
pass it as Use when: verifying a small/local company beyond registries. |
| verify_addressA | Geocode a physical address via OpenStreetMap (no key) and assess whether it resolves and is a business vs residential location. A company 'HQ' that does not resolve, or resolves to a house, is a red flag. Use when: an offer lists a company address to verify. |
| check_github_orgA | Verify a company's GitHub organization (no key): whether it exists, its age, repo count, and whether its website matches the company domain. A real tech company usually has a GitHub org linking back to its site; a scam rarely does. Use when: the company claims to build software/tech. |
| extract_entitiesA | Parse a raw recruiter message into structured entities (offline, no key): emails, domains, URLs, LinkedIn URLs, phone numbers, IPs, crypto addresses, and off-platform (WhatsApp/Telegram) mentions. Run this FIRST, then feed each entity to the specific check_* tools so nothing is missed. Use when: you have a raw message/offer and want the entities to investigate. |
| parse_email_headersA | Analyze raw email headers for spoofing (offline, no key): SPF/DKIM/DMARC results, From vs Return-Path vs Reply-To mismatches (reply-hijacking), and the real originating IP (feed it to check_ip). Use when: the user can paste the full raw headers of a suspicious email. |
| check_domain_authA | Check a domain's SPF and DMARC DNS records (no key). A domain with no SPF and weak/absent DMARC (p=none) is trivially spoofable — so a 'recruiter' email from it is easy to fake. Strong DMARC + SPF means hard to impersonate. Use when: you have the sender's / company's domain. |
| check_typosquattingA | Detect lookalike / typosquatting / homograph domains (offline, no key): brand embedded with extra words ('google-careers'), near-miss typos ('linkedln'), IDN/punycode confusables, and high-abuse TLDs ('.top'). Use when: you have a domain and a real brand it might be impersonating. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| analyze | One entry point: analyze anything scam-related — a pasted recruiter message/offer, a company name, a person/handle, a URL, or email headers. The agent auto-detects what it's given and runs the right tools. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/yessGlory17/job-verify'
If you have feedback or need assistance with the MCP directory API, please join our Discord server