camino-query

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell script (scripts/query.sh) to execute curl and jq for API interaction. Analysis of the script shows that it correctly uses jq's URI encoding functionality (| @uri) to sanitize user-provided query parameters before interpolating them into the curl command, effectively preventing shell injection attacks.
  • [DATA_EXFILTRATION]: The skill transmits natural language queries and location data to https://api.getcamino.ai. This is the documented primary endpoint for the service and is consistent with the skill's stated purpose of providing location intelligence. The use of the CAMINO_API_KEY environment variable is a standard and safe practice for managing service authentication.
  • [EXTERNAL_DOWNLOADS]: Installation instructions reference the author's official GitHub repository (github.com/barneyjm/camino-skills) and the clawhub utility. These are standard installation vectors for this platform and do not involve untrusted third-party code execution at runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-query