camino-parking-finder
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation instructions involve downloading content from GitHub (github.com/barneyjm/camino-skills) and using npm/npx to install tools. These are standard procedures for skill deployment and originate from the skill's author.
- [COMMAND_EXECUTION]: The skill utilizes a shell script (
scripts/parking-finder.sh) to perform its core logic. The script validates input usingjqand usescurlto make API requests. All commands are executed within a controlled scope and do not exhibit dangerous execution patterns. - [DATA_EXFILTRATION]: The skill transmits search parameters (query, latitude, longitude) and a user-provided API key to the vendor's official API (
api.getcamino.ai). This communication is necessary for the skill's primary function of providing parking information and does not constitute unauthorized exfiltration. - [CREDENTIALS_UNSAFE]: The skill uses an environment variable
CAMINO_API_KEYfor authentication, which is the recommended practice for managing secrets in this environment. No hardcoded credentials were found.
Audit Metadata