marriott
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill can control a logged-in Chrome session, persist browser cookies, bypass Marriott bot checks, and submit a real hotel booking, so it needs careful review before use.
Install only if you are comfortable letting the skill control a logged-in Marriott browser session and potentially submit a real booking. Use a separate Chrome profile, do not copy your main browser cookies, close the remote-debugging browser afterward, delete cookies.json and cached results after use, and manually verify room, rate, cancellation, and payment details before any final reservation.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local cookies.json file may contain session cookies that allow account access, and the skill can act as the logged-in Marriott user.
The script connects to the user's browser context and writes the full cookie set it retrieves to cookies.json; this is not limited in code to Marriott cookies.
const freshCookies = await ctx.cookies();
fs.writeFileSync(path.join(__dirname, 'cookies.json'), JSON.stringify(freshCookies, null, 2));
Use only a dedicated temporary Chrome profile for Marriott, restrict saved cookies to marriott.com.cn, declare this credential/session requirement clearly, and delete cookies after use.
After confirmation, the skill may place a real booking using the account's saved payment method, potentially creating charges, cancellation penalties, or unwanted reservations.
The booking script attempts to choose a payment option and then click the final reservation button.
if (radios.length > 0) { radios[0].click(); return 'radio:' + (radios[0].id || radios[0].name); }
...
button:has-text("立即预订")
Require a final human review on the Marriott checkout page, show the exact cancellation/payment terms, and consider leaving the final booking click to the user.
This may violate Marriott's anti-automation controls and could increase account lock, fraud-review, or service-access risk.
The guide explicitly says the skill uses a real user's Chrome session to bypass Akamai bot detection.
The skill bypasses this detection by connecting to the real user's Chrome
Prefer official booking flows or manual booking. Do not use stealth or bot-protection bypass techniques unless the service explicitly permits them.
Sensitive session data and booking state can remain on disk after the task, and stale or modified local state could affect later booking actions.
The guide documents persistent cookie storage that is reused by later room-search and booking steps.
`cookies.json` | Cookies saved after search, used by rooms/book
Add clear retention limits, delete cookies and cached booking files after each task, and verify current hotel/rate details directly before submitting a booking.
If untrusted text is passed into $ARGUMENTS, shell metacharacters could potentially change the command that is executed.
The documented Bash command appends raw user arguments without shell quoting.
node "$HOME/.claude/skills/marriott/skill-search.js" $ARGUMENTS
Avoid raw shell interpolation; pass parsed arguments safely, quote every value, or use a JSON/stdin interface.
Installing the skill may download and run third-party package installation logic.
Setup downloads Node dependencies and a browser runtime, which is expected for Playwright automation but is not reflected in a formal install spec.
npm install
# Install Playwright Chromium
npx playwright install chromium
Review package.json/package-lock.json, install in an isolated environment, and ensure the registry metadata declares required binaries and setup steps.
