ClawHub

Bamboohr

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate BambooHR integration, but it gives an agent broad authenticated access to sensitive HR records and write-capable API paths without strong user-control guidance.

Install only if you intentionally want an agent connected to your BambooHR tenant through Membrane. Use the least-privileged BambooHR account available, verify the tenant and connection ID, require explicit review before creating or updating HR records, avoid raw proxy requests unless necessary, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill’s invocation description is very broad for a high-sensitivity HR integration, which increases the chance the agent will invoke it for routine HR-related prompts without sufficient user confirmation or scoping. Because BambooHR can expose and modify employee records, overbroad routing can lead to unnecessary access to sensitive personnel data or unintended administrative actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises access to HRIS data, records, and workflows, including record creation and updates, but does not warn about the sensitivity of employee data or the consequences of modifying HR records. In an HR context, this omission is significant because employee data commonly includes PII, compensation, benefits, and employment status, and accidental changes can have legal, payroll, or privacy consequences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Documenting a generic proxy request capability to the BambooHR API materially expands what the agent can do beyond the listed curated actions, including arbitrary reads and writes, without corresponding safety guidance. In a sensitive HR system, this makes misuse more dangerous because an agent could access undocumented endpoints, alter records, or exfiltrate employee data with fewer built-in constraints.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal