Security audit

Context

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate location-context API helper, but it sends precise location and the full request body to a third-party service with weak disclosure and scoping.

Review before installing if you may use home/work locations, school or child-related searches, travel plans, or other sensitive context. Use only the fields needed for the request, avoid adding private notes to the input, and confirm you trust Camino's API and data handling practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no explicit permissions, yet its documentation and metadata indicate it shells out to external binaries (`curl`, `jq`) and performs network requests. This creates a transparency and consent problem: users and reviewers are not clearly informed that the skill executes shell-based operations and sends data off-host, which can lead to unreviewed external data transmission.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends precise location coordinates, optional contextual prompts, and possibly weather-related query data to a third-party API, but the description does not prominently warn users about this external transmission. This is dangerous because location and contextual data can be sensitive, and users may unknowingly disclose travel patterns, meeting locations, or personal interests to a remote service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits user-supplied precise latitude/longitude and surrounding context parameters to a third-party remote service without any built-in notice, consent prompt, or minimization. In a location-context skill, this data flow is functionally expected, but it still creates a real privacy risk because precise location can reveal sensitive habits, workplaces, homes, or live whereabouts if used without explicit disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Make API request
curl -s -X POST \
    -H "X-API-Key: $CAMINO_API_KEY" \
    -H "Content-Type: application/json" \
    -H "X-Client: claude-code-skill" \
Confidence
93% confidence
Finding
curl -s -X POST \
    -H "X-API-Key: $CAMINO_API_KEY" \
    -H "Content-Type: application/json" \
    -H "X-Client: claude-code-skill" \
    -d

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Content-Type: application/json" \
    -H "X-Client: claude-code-skill" \
    -d "$INPUT" \
    "https://api.getcamino.ai/context" | jq .
Confidence
90% confidence
Finding
https://api.getcamino.ai/

VirusTotal

63/63 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.