leapcat-ipo

SUSPICIOUS. The stated purpose matches the commands, but the skill's trust model is weak: it centers on an unverifiable `leapcat` binary that handles authentication and real financial transactions. Because the CLI provenance could not be verified and it receives credentials while enabling IPO subscribe/cancel actions, the skill presents high security risk even without confirmed malware.