camino-safety-checker
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script (
scripts/safety-checker.sh) that executescurlandjq. These tools are used to validate input, construct JSON payloads, and process API responses. This execution is scoped to the skill's primary function of querying a location API. - [EXTERNAL_DOWNLOADS]: Installation instructions reference fetching code from the author's GitHub repository (
github.com/barneyjm/camino-skills) usingnpx. This is the documented method for deploying the Camino AI skill suite. - [DATA_EXFILTRATION]: The skill transmits location coordinates (latitude and longitude) and a search radius to the vendor's API endpoint (
api.getcamino.ai). This operation requires theCAMINO_API_KEYenvironment variable for authentication, which is the standard mechanism for this service. No access to sensitive local files or unauthorized network destinations was detected.
Audit Metadata