camino-journey

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq via the scripts/journey.sh script to perform API requests and process responses. The script validates that input is properly formatted JSON before execution.
  • [EXTERNAL_DOWNLOADS]: Installation instructions refer to the author's GitHub repository (github.com/barneyjm/camino-skills) and the clawhub tool. These sources align with the skill's authorship.
  • [DATA_EXFILTRATION]: Waypoint coordinates and purpose descriptions, along with the CAMINO_API_KEY, are sent to api.getcamino.ai. This is the intended operation for the skill and utilizes the vendor's official domain.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-journey