marriott

搜索并预订万豪旅享家酒店（marriott.com.cn）。当用户提到酒店搜索、万豪预订、查找入住等需求时调用。

This skill appears to do what it claims (automated search and booking on marriott.com.cn) but takes actions that expose broad browser session data. Key risks: (1) it connects to your Chrome via remote debugging (CDP), which can see open pages and cookies across that browser profile; (2) it dumps all cookies from the connected context into cookies.json in the skill folder — these may include session tokens for other sites; (3) the README suggests copying your Default Chrome Cookies file, which exposes sensitive data. Before installing/using: - Do not use your primary/default Chrome profile; create and use a dedicated profile containing only the Marriott login. - Avoid copying the entire Cookies file from your default profile; prefer signing in manually in the dedicated profile. - Inspect cookies.json before sharing it and delete cookies.json (and any saved Cookies file copies) after use. - Do not put your raw password in .env; the scripts do not use it. - If you are uncomfortable exposing other browser sessions, consider performing the booking manually on the Marriott site instead of granting CDP access. If you want higher assurance, ask the author to: limit cookies collected to marriott.com only (pass domain to context.cookies), remove instructions that copy Default Cookies, and eliminate .env fields that request passwords.

Type: OpenClaw Skill Name: marriott Version: 1.0.0 The skill is suspicious due to a critical shell injection vulnerability identified in `SKILL.md`. User-provided `$ARGUMENTS` are directly passed to `bash` commands (e.g., `node "$HOME/.claude/skills/marriott/skill-search.js" $ARGUMENTS`), which could allow an attacker to execute arbitrary commands on the host machine if the OpenClaw agent does not perform robust input sanitization. While the core functionality of automating Marriott bookings via Playwright appears legitimate, this vulnerability poses a significant risk of unauthorized command execution.