travel-planner

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script scripts/travel-planner.sh that uses curl and jq to interact with the Camino AI API.
  • Evidence: The script includes dependency checks for jq and curl and validates that the user-provided input is valid JSON before processing.
  • Evidence: The script correctly quotes variables to prevent common shell injection issues.
  • [EXTERNAL_DOWNLOADS]: The documentation references external resources for installation and setup.
  • Evidence: Installation instructions point to the author's GitHub repository (github.com/barneyjm/camino-skills) and the clawhub utility.
  • Evidence: The skill provides a method for users to obtain a trial API key by sending their email to https://api.getcamino.ai/trial/start.
  • [DATA_EXFILTRATION]: The skill transmits waypoint data and an authentication token to a remote API.
  • Evidence: JSON-formatted itinerary data and the CAMINO_API_KEY are sent to https://api.getcamino.ai/journey. This is the documented and intended behavior for the skill's operation.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication securely.
  • Evidence: The skill uses the CAMINO_API_KEY environment variable as specified in the YAML frontmatter and documentation, avoiding hardcoded secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 11:14 PM
Security Audit — agent-trust-hub — travel-planner