camino-journey
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill's API use and credential scope are coherent with journey planning, and data flows go to the official Camino domain. However, the recommended installation path relies on an unpinned third-party GitHub repo from a personal account and encourages bulk companion-skill installation, creating a disproportionate transitive trust and supply-chain risk.
Confidence: 90%Severity: 74%
Audit Metadata