chase-travel

The skill's stated purpose and core capability are broadly aligned: it automates Chase portal searches without booking. The main risk is trust, not hidden purpose: it asks for highly sensitive bank credentials and MFA input, then routes them through third-party anti-detection browser automation and optionally an unpinned third-party Docker image. That makes the skill suspicious and high-risk to use, though not confirmed malware.