camino-safety-checker

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script (scripts/safety-checker.sh) that executes curl and jq. These tools are used to validate input, construct JSON payloads, and process API responses. This execution is scoped to the skill's primary function of querying a location API.
  • [EXTERNAL_DOWNLOADS]: Installation instructions reference fetching code from the author's GitHub repository (github.com/barneyjm/camino-skills) using npx. This is the documented method for deploying the Camino AI skill suite.
  • [DATA_EXFILTRATION]: The skill transmits location coordinates (latitude and longitude) and a search radius to the vendor's API endpoint (api.getcamino.ai). This operation requires the CAMINO_API_KEY environment variable for authentication, which is the standard mechanism for this service. No access to sensitive local files or unauthorized network destinations was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-safety-checker