camino-journey
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqvia thescripts/journey.shscript to perform API requests and process responses. The script validates that input is properly formatted JSON before execution. - [EXTERNAL_DOWNLOADS]: Installation instructions refer to the author's GitHub repository (
github.com/barneyjm/camino-skills) and theclawhubtool. These sources align with the skill's authorship. - [DATA_EXFILTRATION]: Waypoint coordinates and purpose descriptions, along with the
CAMINO_API_KEY, are sent toapi.getcamino.ai. This is the intended operation for the skill and utilizes the vendor's official domain.
Audit Metadata