camino-places
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the runtime behavior fits a place-lookup skill and sends data to the expected Camino API, but the install path relies on an unverified personal GitHub repo and encourages transitive installation of many more skills. The main risk is supply-chain trust and expanded agent trust, not confirmed credential theft or malicious data exfiltration.
Confidence: 87%Severity: 76%
Audit Metadata