Bamboohr
Warn. Audited by ClawScan on May 10, 2026.
Overview
This looks like a real BambooHR/Membrane integration, but it asks for broad HR-system authority without clear limits, approvals, or least-privilege guidance.
Install only if you trust Membrane and are allowed to connect it to BambooHR. Use a least-privileged BambooHR account, verify the exact BambooHR domain before connecting, pin or review the CLI if possible, and require explicit user approval before any action that changes employee, payroll, compensation, benefits, applicant, approval, email, or workflow data.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. An agent could be guided to use broad BambooHR actions against employee, payroll, benefits, or workflow data without the user seeing a clear safety boundary.
The skill exposes a dynamic action-selection workflow for BambooHR rather than a bounded set of safe operations. Because the stated purpose includes managing HRIS records and workflows, the artifacts do not clearly prevent or require approval for high-impact HR actions.
Evidence: Use action names and parameters as needed. ... membrane action list --connectionId=CONNECTION_ID --intent "QUERY" --limit 10 --json
Recommendation: Use only with explicit user confirmation for any create, update, delete, approval, email, payroll, compensation, or workflow action; prefer a documented allowlist of read-only or approved actions.

2. The agent or user may create or use an unintended connection or connector, increasing the chance of authorizing the wrong app or an unexpectedly broad action surface.
The connection target is blank in the documented command, and the instructions allow automatic connector creation. For a sensitive BambooHR integration, this makes the setup boundary unclear.
Evidence: membrane connection ensure "" --json ... If no app is found, one is created and a connector is built automatically.
Recommendation: Require the exact BambooHR domain or app identifier before connecting, and do not proceed with automatically created connectors unless the user verifies the target and permissions.

3. A connected account may expose or modify sensitive employee, payroll, benefits, applicant, or compensation data beyond what a specific task needs.
The skill requires delegated authentication for a high-sensitivity HR system, but the artifacts do not specify least-privilege BambooHR roles, OAuth scopes, credential lifetime, or revocation boundaries.
Evidence: Membrane handles authentication and credentials refresh automatically ... BambooHR is an HRIS platform ... manage employee data, payroll, benefits, and other HR functions.
Recommendation: Connect with a least-privileged BambooHR account, review the requested permissions, and revoke the Membrane connection when it is no longer needed.

4. The installed CLI version can change over time, so future installs may run different code than what the skill author tested.
The setup step installs a global CLI package at the latest version. This is central to the skill's purpose and user-directed, but it is unpinned and not represented by an install spec.
Evidence: npm install -g @membranehq/cli@latest
Recommendation: Install from a trusted npm source, consider pinning a reviewed version, and keep the CLI updated through normal package-management controls.

5. Employee and HR data may pass through or be accessible via the Membrane integration layer, depending on the connection and actions used.
BambooHR access and data are mediated through the Membrane service. This is disclosed and purpose-aligned, but it is a third-party integration path for sensitive HR data.
Evidence: This skill uses the Membrane CLI to interact with BambooHR. Membrane handles authentication and credentials refresh automatically
Recommendation: Confirm that your organization permits Membrane to broker BambooHR access, and avoid sending unnecessary sensitive HR data through the integration.
