bamboohr-cost-tuning

Optimizes BambooHR integration costs by reducing API calls and monitoring usage patterns for efficient operations.

Install this skill

or

32/100

Security score

The bamboohr-cost-tuning skill was audited on Jun 3, 2026 and we found 20 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 66

Template literal with variable interpolation in command context

SourceSKILL.md

66	const key = `${call.method} ${call.endpoint}`;

medium line 71

Template literal with variable interpolation in command context

SourceSKILL.md

71	console.log(`Total calls: ${this.callLog.length}`);

medium line 72

Template literal with variable interpolation in command context

SourceSKILL.md

72	console.log(`Time window: ${((Date.now() - this.callLog[0]?.timestamp \|\| 0) / 1000 / 60).toFixed(1)} minutes`);

medium line 76

Template literal with variable interpolation in command context

SourceSKILL.md

76	console.log(` ${count.toString().padStart(5)} (${pct}%) ${endpoint}`);

medium line 98

Template literal with variable interpolation in command context

SourceSKILL.md

98	`/employees/changed/?since=${lastSync}`);

medium line 178

Template literal with variable interpolation in command context

SourceSKILL.md

178	console.warn(`Request budget exhausted. Waiting ${(waitMs / 1000).toFixed(0)}s`);

medium line 84

Webhook reference - potential data exfiltration

SourceSKILL.md

84	Pattern 1: Replace polling with webhooks

low line 93

Webhook reference - potential data exfiltration

SourceSKILL.md

93	// GOOD: Use webhooks for real-time changes (0 polling calls)

low line 94

Webhook reference - potential data exfiltration

SourceSKILL.md

94	// See bamboohr-webhooks-events skill

low line 99

Webhook reference - potential data exfiltration

SourceSKILL.md

99	// Only process if webhook missed something

low line 126

Webhook reference - potential data exfiltration

SourceSKILL.md

126	// GOOD: Cache with webhook-based invalidation

low line 139

Webhook reference - potential data exfiltration

SourceSKILL.md

139	// Invalidate on webhook

low line 140

Webhook reference - potential data exfiltration

SourceSKILL.md

140	function onWebhookReceived() {

medium line 226

Webhook reference - potential data exfiltration

SourceSKILL.md

226	- Polling replaced with webhooks where possible

medium line 229

Webhook reference - potential data exfiltration

SourceSKILL.md

229	- Caching with webhook-based invalidation

medium line 235

Webhook reference - potential data exfiltration

SourceSKILL.md

235	\| Webhooks vs polling \| 288/day \| 24/day (safety net) \| 92% \|

medium line 245

Webhook reference - potential data exfiltration

SourceSKILL.md

245	\| Stale cached data \| Cache TTL too long \| Reduce TTL or invalidate on webhook \|

medium line 246

Webhook reference - potential data exfiltration

SourceSKILL.md

246	\| Webhook delivery gaps \| BambooHR delivery failure \| Keep hourly polling as fallback \|

low line 251

External URL reference

SourceSKILL.md

251	- [BambooHR Pricing](https://www.bamboohr.com/pricing)

low line 252

External URL reference

SourceSKILL.md

252	- [BambooHR API Technical Overview](https://documentation.bamboohr.com/docs/api-details)

Scanned on Jun 3, 2026

View Security Dashboard

Installation guide →

GitHub Stars 47

Rate this skill

Categoryhr

UpdatedJune 13, 2026

claude-code api hr-generalist business-process-analyst operations-manager bamboohr hr operations

ComeOnOliver/skillshub