bamboohr-automation

SUSPICIOUS: The skill’s capabilities match its stated BambooHR automation purpose, and the MCP endpoint appears to be an official Composio/Rube service rather than a random installer. However, sensitive HR data and auth flow are routed through a third-party intermediary instead of directly to BambooHR, and the setup instructions understate current authentication requirements. This is not confirmed malware, but it carries meaningful privacy and service-trust risk disproportionate to a simple 'no keys needed' setup claim.