southwest

SUSPICIOUS. The skill’s core function is coherent with fare scraping, but it relies on anti-detection browser evasion, a third-party container/image chain, and optional forwarding of Southwest account credentials into that code. Data flow is mostly direct to southwest.com with no obvious exfiltration endpoint, so this is not confirmed malware, but it is a high-trust automation skill with meaningful supply-chain and credential-handling risk.