Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
marriott
v1.0.0
Search and book Marriott Bonvoy hotels (marriott.com.cn). Invoke when the user mentions hotel search, Marriott booking, finding a stay, or similar needs.
⭐ 0 · 338 · 0 current · 1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md match the stated purpose (search → select → rooms → book on marriott.com.cn), using Playwright + a Chrome instance to bypass Akamai. Requiring a logged-in browser session and remote debugging is explainable for this site. However the skill reads/writes full browser cookies (ctx.cookies()) and suggests copying the Chrome Default Cookies file, which is broader than strictly necessary to access only Marriott credentials.
Instruction Scope
Runtime instructions and scripts direct the user to start Chrome with remote debugging enabled and to copy a Cookies file from the default profile; the scripts call chromium.connectOverCDP to attach to the running Chrome and then dump all cookies in the context to cookies.json. That gives the skill access to every cookie and page in that browser context (not only Marriott) and asks users to copy sensitive profile files — both exceed the narrow scope of 'search and book Marriott'.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but the included setup.sh runs npm install and npx playwright install chromium. Installing Playwright and a local Chromium binary is standard for browser automation but does download / extract large native artifacts; this is expected for the stated functionality.
Credentials
The repository ships a .env file with MARRIOTT_EMAIL and MARRIOTT_PASSWORD variables, but the runtime code does not use those credentials (it relies on browser cookies). This mismatch could encourage users to store credentials unnecessarily. More seriously, the skill writes the full cookies.json from the connected browser context (ctx.cookies()) into the skill folder — this file may contain cookies for many sites and effectively exposes session tokens beyond Marriott.
Persistence & Privilege
The skill is not always-enabled and does not request elevated system configuration. It does, however, require and create local artifacts (cookies.json, selection.json, rooms-results.json, confirmation.json) in the skill directory. Connecting to Chrome via CDP grants the skill programmatic access to the running browser and its sessions during execution, which increases its blast radius compared with a purely API-based integration.
What to consider before installing
This skill appears to do what it claims (automated search and booking on marriott.com.cn) but takes actions that expose broad browser session data. Key risks: (1) it connects to your Chrome via remote debugging (CDP), which can see open pages and cookies across that browser profile; (2) it dumps all cookies from the connected context into cookies.json in the skill folder — these may include session tokens for other sites; (3) the README suggests copying your Default Chrome Cookies file, which exposes sensitive data.

Before installing/using:
- Do not use your primary/default Chrome profile; create and use a dedicated profile containing only the Marriott login.
- Avoid copying the entire Cookies file from your default profile; prefer signing in manually in the dedicated profile.
- Inspect cookies.json before sharing it and delete cookies.json (and any saved Cookies file copies) after use.
- Do not put your raw password in .env; the scripts do not use it.
- If you are uncomfortable exposing other browser sessions, consider performing the booking manually on the Marriott site instead of granting CDP access.

If you want higher assurance, ask the author to: limit cookies collected to marriott.com only (pass domain to context.cookies), remove instructions that copy Default Cookies, and eliminate .env fields that request passwords.

Like a lobster shell, security has layers — review code before you run it.
latest: vk979x5g9jt4gvtcanghre31qwx821d63
