ClawHub
Back to skill
v0.1.0

Safety Checker for a location

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:46 AM.

Analysis

This skill appears purpose-aligned, but users should understand it sends location details to Camino's API and requires a Camino API key.

GuidanceThis skill looks coherent for late-night location safety checks. Before installing, be comfortable storing a Camino API key in your Claude settings and sending selected latitude/longitude locations to Camino's API. Install the specific safety-checker skill rather than the whole suite unless you actually want the additional skills.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
npx skills add https://github.com/barneyjm/camino-skills

The installation instructions include user-directed remote installation via npx/GitHub and also recommend installing the full Camino skill suite; this is disclosed but broadens what a user may install.

User impactFollowing the broader install instructions could add more skills than just this safety checker.
RecommendationInstall only the specific skill you need and review the repository or package source before installing the full companion suite.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
"requires":{"env":["CAMINO_API_KEY"]},"primaryEnv":"CAMINO_API_KEY"

The skill requires a Camino API key, which is expected for accessing the Camino service but gives the skill access to use the user's Camino API quota/account.

User impactAnyone using the skill must provide a Camino API key, and calls made by the skill may count against that account or trial quota.
RecommendationUse a dedicated or trial API key if possible, keep it out of chats and shared files, and rotate it if it may have been exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
scripts/safety-checker.sh
-d "$CONTEXT_BODY" \
    "https://api.getcamino.ai/context"

The script sends the user-provided latitude, longitude, radius, and safety context to an external Camino API endpoint; this is core to the skill's purpose but involves sharing location data.

User impactPrecise locations, such as a hotel, home, transit stop, or current area, may be transmitted to Camino's service.
RecommendationOnly use the skill for locations you are comfortable sharing with Camino, and review Camino's privacy practices if the location is sensitive.