camino-parking-finder

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installation instructions involve downloading content from GitHub (github.com/barneyjm/camino-skills) and using npm/npx to install tools. These are standard procedures for skill deployment and originate from the skill's author.
  • [COMMAND_EXECUTION]: The skill utilizes a shell script (scripts/parking-finder.sh) to perform its core logic. The script validates input using jq and uses curl to make API requests. All commands are executed within a controlled scope and do not exhibit dangerous execution patterns.
  • [DATA_EXFILTRATION]: The skill transmits search parameters (query, latitude, longitude) and a user-provided API key to the vendor's official API (api.getcamino.ai). This communication is necessary for the skill's primary function of providing parking information and does not constitute unauthorized exfiltration.
  • [CREDENTIALS_UNSAFE]: The skill uses an environment variable CAMINO_API_KEY for authentication, which is the recommended practice for managing secrets in this environment. No hardcoded credentials were found.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:15 AM
Security Audit — agent-trust-hub — camino-parking-finder