bamboohr-hello-world

Provides a minimal working example for integrating with BambooHR API to fetch employee data and run reports.

Install this skill

or

22/100

Security score

The bamboohr-hello-world skill was audited on May 19, 2026 and we found 22 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 39

Template literal with variable interpolation in command context

SourceSKILL.md

39	const BASE = `https://api.bamboohr.com/api/gateway.php/${COMPANY}/v1`;

medium line 40

Template literal with variable interpolation in command context

SourceSKILL.md

40	const AUTH = `Basic ${Buffer.from(`${API_KEY}:x`).toString('base64')}`;

medium line 43

Template literal with variable interpolation in command context

SourceSKILL.md

43	const dirRes = await fetch(`${BASE}/employees/directory`, {

medium line 48

Template literal with variable interpolation in command context

SourceSKILL.md

48	console.log(`Company has ${directory.employees.length} employees`);

medium line 50

Template literal with variable interpolation in command context

SourceSKILL.md

50	console.log(` ${emp.displayName} — ${emp.jobTitle} (${emp.department})`);

medium line 83

Template literal with variable interpolation in command context

SourceSKILL.md

83	`${BASE}/employees/123/?fields=firstName,lastName,jobTitle,department,hireDate,workEmail,status`,

medium line 88

Template literal with variable interpolation in command context

SourceSKILL.md

88	console.log(`${employee.firstName} ${employee.lastName}`);

medium line 89

Template literal with variable interpolation in command context

SourceSKILL.md

89	console.log(` Title: ${employee.jobTitle}`);

medium line 90

Template literal with variable interpolation in command context

SourceSKILL.md

90	console.log(` Dept: ${employee.department}`);

medium line 91

Template literal with variable interpolation in command context

SourceSKILL.md

91	console.log(` Hired: ${employee.hireDate}`);

medium line 92

Template literal with variable interpolation in command context

SourceSKILL.md

92	console.log(` Email: ${employee.workEmail}`);

medium line 111

Template literal with variable interpolation in command context

SourceSKILL.md

111	const reportRes = await fetch(`${BASE}/reports/custom?format=JSON`, {

medium line 128

Template literal with variable interpolation in command context

SourceSKILL.md

128	console.log(`Report: ${report.title} — ${report.employees.length} rows`);

medium line 130

Template literal with variable interpolation in command context

SourceSKILL.md

130	console.log(` ${row.firstName} ${row.lastName} \| ${row.department}`);

low line 37

Access to .env file

SourceSKILL.md

37	const COMPANY = process.env.BAMBOOHR_COMPANY_DOMAIN!;

low line 38

Access to .env file

SourceSKILL.md

38	const API_KEY = process.env.BAMBOOHR_API_KEY!;

low line 3

Unicode escape sequences

SourceSKILL.md

3	description: "Create a minimal working BambooHR example \u2014 fetch employee directory\

low line 39

External URL reference

SourceSKILL.md

39	const BASE = `https://api.bamboohr.com/api/gateway.php/${COMPANY}/v1`;

low line 72

External URL reference

SourceSKILL.md

72	"photoUrl": "https://..."

low line 143

External URL reference

SourceSKILL.md

143	BASE = f"https://api.bamboohr.com/api/gateway.php/{COMPANY}/v1"

low line 179

External URL reference

SourceSKILL.md

179	- [BambooHR Field Names Reference](https://documentation.bamboohr.com/docs/list-of-field-names)

low line 180

External URL reference

SourceSKILL.md

180	- [BambooHR API Technical Overview](https://documentation.bamboohr.com/docs/api-details)

Scanned on May 19, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categoryhr

UpdatedJune 10, 2026

claude-code api hr-generalist hr-analyst business-process-analyst bamboohr hr operations

jeremylongshore/claude-code-plugins-plus-skills