Server data from the Official MCP Registry
Hiring-intent signals for B2B sales/GTM: turn live job postings into buying signals.
Hiring-intent signals for B2B sales/GTM: turn live job postings into buying signals.
Remote endpoints: sse: https://hiresignal-mcp-production-d4d9.up.railway.app/sse
HireSignal is a well-structured MCP server with proper authentication, rate limiting, and input validation. The codebase demonstrates good security practices including constant-time key comparison, secure token handling, and parameterized SQL queries. However, there are concerns around open mode deployment safety and minor logging practices that warrant attention. Supply chain analysis found 11 known vulnerabilities in dependencies (2 critical, 3 high severity).
5 files analyzed · 18 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
From the project's GitHub README.
Turn live job postings into buying signals your AI agent can call.
When a company posts for a VP Sales, RevOps Manager, or Data Security Analyst, it's telling you it has a pain and an approved budget — typically 60–90 days before it starts researching vendors. HireSignal is an MCP server that surfaces those hiring signals so your sales/GTM agent can find in-market accounts, score them, and time outreach.
Plug it into Claude, Cursor, Cline, or Windsurf and ask:
Also works for recruiting intel, comp benchmarking, and market research — but it's built sales-first.
The server speaks the Model Context Protocol over SSE so it can be hosted remotely (Railway, Fly, anywhere with HTTPS).
A live instance is running with a shared, rate-limited demo key. Point any MCP client at:
URL: https://hiresignal-mcp-production-d4d9.up.railway.app/sse
Header: Authorization: Bearer hs_demo_0b25932234553fd38b571f12c1439bfd
The demo key is heavily rate-limited and shares a small monthly data quota — expect
QUOTA_EXHAUSTEDduring busy periods. For a dedicated key with higher limits, get in touch.
| Tool | What it does |
|---|---|
search_jobs | Find live postings matching a role/skill in a location and recency window. |
company_hiring_velocity | Total roles + 7d / 30d adds + department mix + growing/stable/shrinking signal for one company. |
skill_demand_pulse | Week-over-week demand trend for a skill, with avg disclosed salary and top hiring companies. |
market_salary_estimate | p25 / median / p75 for a job title + location + seniority, plus remote premium. |
industry_hiring_heatmap | Per-department open-role counts and % change for an industry vertical. |
competitor_talent_intel | Compare up to 5 companies side by side on open roles, top titles, and growth signal. |
job_alert_check | Poll for new postings since N hours ago. Designed for cron / agent loops. |
get_server_status | Health snapshot: version, uptime, configured providers, corpus stats, cache size. |
For a curated set of high-value accounts, HireSignal doesn't resell aggregated data — it
scrapes each company's own ATS (Greenhouse / Ashby / Lever / Workday) directly and stores a
time-series of every posting in a local SQLite file. That makes company_hiring_velocity
a real signal (roles added and closed over time, with the company's actual posted dates),
returns data_source: "first_party_ats", costs nothing per query, and — because the value is
the accumulating history — is the one thing a competitor can't backfill.
npm run build && npm run ingest # ~50 companies, ~12k open roles, ~$0
The server can keep this fresh itself (set INGEST_INTERVAL_HOURS + a persistent
HIRESIGNAL_CORPUS_PATH). Companies outside the corpus transparently fall back to the
aggregator. Full design, schema, and how to add companies: CORPUS.md.
Set these environment variables on the server (Railway → Variables, or .env locally):
SERPAPI_KEY=... # https://serpapi.com — used by search_jobs, job_alert_check
JSEARCH_RAPIDAPI_KEY=... # https://rapidapi.com/letscrape-6bRBa3QguO5/api/jsearch
HIRESIGNAL_API_KEYS=k1,k2 # comma-separated allowlist of client keys
PORT=3000 # default
# First-party corpus (optional but recommended — see CORPUS.md)
HIRESIGNAL_CORPUS_PATH=./data/corpus.db # SQLite corpus location (use a volume in prod)
INGEST_INTERVAL_HOURS=6 # if set, server self-ingests on boot + interval
A data source must be available: either an ingested corpus (npm run ingest) or a provider
key. get_server_status reports "ok" when the corpus is active or a key is set, and
"degraded" when there is neither.
HIRESIGNAL_API_KEYS accepts one or more comma-separated keys (or use HIRESIGNAL_API_KEY for a single key). If neither is set the server runs in open mode — it logs a startup warning and accepts unauthenticated calls, which is convenient for local dev but must not be used in any deployment exposed to the network.
npm install
cp .env.example .env # fill in keys
npm run dev # tsx watch
# → http://localhost:3000/sse
# → http://localhost:3000/health
Production build:
npm run build
npm start
npm install -g @railway/cli
railway login
railway init
railway up
# then set SERPAPI_KEY and JSEARCH_RAPIDAPI_KEY in the Railway dashboard
railway.json wires up Nixpacks, the npm ci && npm run build step, and /health for health checks.
Claude Desktop's stable config supports stdio MCP servers natively and remote (SSE) servers via the mcp-remote bridge. Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"hiresignal": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://your-hiresignal.up.railway.app/sse",
"--header",
"Authorization: Bearer YOUR_HIRESIGNAL_API_KEY"
]
}
}
}
Restart Claude Desktop. The 8 HireSignal tools will appear in the tools menu.
Open Cursor → Settings → MCP → "Add new MCP server":
{
"mcpServers": {
"hiresignal": {
"url": "https://your-hiresignal.up.railway.app/sse",
"headers": {
"Authorization": "Bearer YOUR_HIRESIGNAL_API_KEY"
}
}
}
}
Both support remote SSE MCP servers. Point them at https://your-hiresignal.up.railway.app/sse with the same Authorization: Bearer … header.
Most clients only need the SSE URL above. If a client requires stdio, point it at the mcp-remote bridge as in the Claude Desktop example.
Authorization: Bearer …, x-api-key, or ?api_key=… (prefer the header — query params end up in proxy/access logs). The presented key is SHA-256 digested and compared in constant time against the digests of every key in HIRESIGNAL_API_KEYS. Unknown or missing keys get a 401 with {"code": "AUTH_FAILED"}. Only the first 16 hex chars of the digest are logged, never the key itself. The /messages POST endpoint re-checks the key on every call and rejects it if the session was opened under a different key, so a leaked sessionId is not enough to take over a session.{ "code": "RATE_LIMITED", "retry_after_seconds": N }.(query, location, date_posted) tuple to protect upstream quota. job_alert_check always bypasses the cache.{ "code": "QUOTA_EXHAUSTED", "retry_after_seconds": N, "hint": "hiresignal.io/pricing" }.npm test # vitest run with mocked upstream APIs
npm run typecheck
MIT.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.