camino-query
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell script (
scripts/query.sh) to executecurlandjqfor API interaction. Analysis of the script shows that it correctly usesjq's URI encoding functionality (| @uri) to sanitize user-provided query parameters before interpolating them into thecurlcommand, effectively preventing shell injection attacks. - [DATA_EXFILTRATION]: The skill transmits natural language queries and location data to
https://api.getcamino.ai. This is the documented primary endpoint for the service and is consistent with the skill's stated purpose of providing location intelligence. The use of theCAMINO_API_KEYenvironment variable is a standard and safe practice for managing service authentication. - [EXTERNAL_DOWNLOADS]: Installation instructions reference the author's official GitHub repository (
github.com/barneyjm/camino-skills) and theclawhubutility. These are standard installation vectors for this platform and do not involve untrusted third-party code execution at runtime.
Audit Metadata