manage-booking

SUSPICIOUS: the skill’s stated purpose is coherent, but it relies on an unverified third-party npm CLI run at `@latest` and forwards booking-related personal data through that code with no transparent API destination. This is a moderate supply-chain and credential-forwarding risk rather than confirmed malware.