Safety Report

Real Estate Intelligence

Name: Real Estate Intelligence
Rating: 5 (6 reviews)
Author: James-southendsolutions

Evaluate any address for home buyers and renters. Get nearby schools, transit, grocery stores, parks, restaurants, and walkability using Camino AI's location...

436Downloads

2Installs

6Stars

2Versions

API Integration4,971 E-Commerce1,690 Maps & Geolocation980

Security Analysis

high confidence

Clean0.04 risk

The skill's code, instructions, and requested credential (CAMINO_API_KEY) match its stated purpose of querying Camino AI location APIs and nothing in the package appears disproportionate or covert.

Feb 17, 20262 files1 concern

Purpose & Capabilityok

Name/description, required environment variable (CAMINO_API_KEY), and referenced endpoints (api.getcamino.ai) align with a location-intelligence/real-estate evaluator. Declared binaries (curl, jq) are appropriate for the included shell script.

Instruction Scopeok

SKILL.md and scripts instruct only: accept JSON input, optionally geocode an address, call Camino's /query and /context endpoints, and output JSON. They do not instruct reading unrelated local files or contacting unexpected endpoints. The README suggests storing the API key in ~/.claude/settings.json (user action) which is expected for convenience but is a local secret storage choice to be considered by the user.

Install Mechanismnote

The registry has no automated install spec (instruction-only skill with an included script). SKILL.md suggests using npx to fetch a third-party GitHub repo or clawhub; fetching code from an external repo is common but users should verify the repo's authenticity before running install commands.

Credentialsok

Only one credential (CAMINO_API_KEY) is required and it's the expected API key for the Camino API used by the script. No other secrets or unrelated environment variables are requested.

Persistence & Privilegeok

The skill does not request always:true and does not modify other skills or system-wide settings. It runs as an on-demand script and only uses the declared API key and network calls to Camino's API.

Guidance

This skill appears coherent and limited to calling Camino's public APIs. Before installing: 1) Confirm the GitHub repo (https://github.com/barneyjm/camino-skills) is trustworthy and review any code there; 2) Prefer using a trial or limited-scope API key first and monitor usage; 3) Be cautious when storing the API key in ~/.claude/settings.json—ensure that file is protected and you understand where your agent stores secrets; 4) If you need stricter isolation, run the provided shell script locally and inspect it (it only calls api.getcamino.ai) rather than installing unreviewed packages. If you expect the skill to do anything beyond geocoding and context queries, do not install it until reviewed further.

Latest Release

v0.2.0

- Added curl and jq as required binaries in the skill's metadata. - No functional or usage changes; documentation now explicitly lists binary dependencies.

Popular Skills

A Stock Monitor

@jame-mei-ltp · 24 stars

AIOps Agent

@jame-mei-ltp · 3 stars

Okx Dex Market

@ok-james-01 · 0 stars

Okx Dex Swap

@ok-james-01 · 0 stars

Okx Dex Token

@ok-james-01 · 0 stars

Okx Wallet Portfolio

@ok-james-01 · 0 stars

Published by @James-southendsolutions on ClawHub