bamboohr-cost-tuning

Optimizes BambooHR integration costs by reducing API requests and monitoring usage patterns for efficient operations.

Install this skill

or

32/100

Security score

The bamboohr-cost-tuning skill was audited on May 19, 2026 and we found 20 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 74

Template literal with variable interpolation in command context

SourceSKILL.md

74	const key = `${call.method} ${call.endpoint}`;

medium line 79

Template literal with variable interpolation in command context

SourceSKILL.md

79	console.log(`Total calls: ${this.callLog.length}`);

medium line 80

Template literal with variable interpolation in command context

SourceSKILL.md

80	console.log(`Time window: ${((Date.now() - this.callLog[0]?.timestamp \|\| 0) / 1000 / 60).toFixed(1)} minutes`);

medium line 84

Template literal with variable interpolation in command context

SourceSKILL.md

84	console.log(` ${count.toString().padStart(5)} (${pct}%) ${endpoint}`);

medium line 106

Template literal with variable interpolation in command context

SourceSKILL.md

106	`/employees/changed/?since=${lastSync}`);

medium line 186

Template literal with variable interpolation in command context

SourceSKILL.md

186	console.warn(`Request budget exhausted. Waiting ${(waitMs / 1000).toFixed(0)}s`);

medium line 92

Webhook reference - potential data exfiltration

SourceSKILL.md

92	Pattern 1: Replace polling with webhooks

low line 101

Webhook reference - potential data exfiltration

SourceSKILL.md

101	// GOOD: Use webhooks for real-time changes (0 polling calls)

low line 102

Webhook reference - potential data exfiltration

SourceSKILL.md

102	// See bamboohr-webhooks-events skill

low line 107

Webhook reference - potential data exfiltration

SourceSKILL.md

107	// Only process if webhook missed something

low line 134

Webhook reference - potential data exfiltration

SourceSKILL.md

134	// GOOD: Cache with webhook-based invalidation

low line 147

Webhook reference - potential data exfiltration

SourceSKILL.md

147	// Invalidate on webhook

low line 148

Webhook reference - potential data exfiltration

SourceSKILL.md

148	function onWebhookReceived() {

medium line 234

Webhook reference - potential data exfiltration

SourceSKILL.md

234	- Polling replaced with webhooks where possible

medium line 237

Webhook reference - potential data exfiltration

SourceSKILL.md

237	- Caching with webhook-based invalidation

medium line 243

Webhook reference - potential data exfiltration

SourceSKILL.md

243	\| Webhooks vs polling \| 288/day \| 24/day (safety net) \| 92% \|

medium line 253

Webhook reference - potential data exfiltration

SourceSKILL.md

253	\| Stale cached data \| Cache TTL too long \| Reduce TTL or invalidate on webhook \|

medium line 254

Webhook reference - potential data exfiltration

SourceSKILL.md

254	\| Webhook delivery gaps \| BambooHR delivery failure \| Keep hourly polling as fallback \|

low line 259

External URL reference

SourceSKILL.md

259	- [BambooHR Pricing](https://www.bamboohr.com/pricing)

low line 260

External URL reference

SourceSKILL.md

260	- [BambooHR API Technical Overview](https://documentation.bamboohr.com/docs/api-details)

Scanned on May 19, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categoryhr

UpdatedJune 13, 2026

claude-code api hr-generalist business-process-analyst operations-manager bamboohr hr operations

jeremylongshore/claude-code-plugins-plus-skills