leapcat-portfolio

SUSPICIOUS: The stated purpose and commands are coherent for a portfolio-view skill, but trust in the required `leapcat` CLI is not verifiable from the available evidence. Because the skill depends on an opaque external binary for authentication and financial data access, the main issue is supply-chain and data-handling risk rather than confirmed malicious behavior.