book-hotel

SUSPICIOUS: the skill’s core booking/payment purpose is coherent, but it enables real-money autonomous action, executes mutable external CLIs, chains into other skills, sends guest data to a non-obvious backend, and hardcodes an author reward wallet/agent ID. This is not confirmed malware, but it is high-risk and should only run with strong user-confirmation controls and trusted dependency verification.