travel-planner
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script
scripts/travel-planner.shthat usescurlandjqto interact with the Camino AI API. - Evidence: The script includes dependency checks for
jqandcurland validates that the user-provided input is valid JSON before processing. - Evidence: The script correctly quotes variables to prevent common shell injection issues.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources for installation and setup.
- Evidence: Installation instructions point to the author's GitHub repository (
github.com/barneyjm/camino-skills) and theclawhubutility. - Evidence: The skill provides a method for users to obtain a trial API key by sending their email to
https://api.getcamino.ai/trial/start. - [DATA_EXFILTRATION]: The skill transmits waypoint data and an authentication token to a remote API.
- Evidence: JSON-formatted itinerary data and the
CAMINO_API_KEYare sent tohttps://api.getcamino.ai/journey. This is the documented and intended behavior for the skill's operation. - [CREDENTIALS_UNSAFE]: The skill manages authentication securely.
- Evidence: The skill uses the
CAMINO_API_KEYenvironment variable as specified in the YAML frontmatter and documentation, avoiding hardcoded secrets.
Audit Metadata