leapcat-auth

SUSPICIOUS. The skill’s functions match its stated authentication purpose, but it relies on an unverified external `leapcat` CLI and sends sensitive authentication material to that black-box binary. With no confirmed official install source or documented data path, the supply-chain and credential-forwarding risk is high even without direct evidence of malware.