leap
Warn
Audited by Socket on May 11, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill is not overtly malicious and uses an official npm-distributed CLI from the same vendor, but its actual footprint is only partially aligned with its stated purpose. It routes authentication and all Leap operations through Membrane as an intermediary, and the documented actions do not match the claimed org/project/user management scope. Main risks are third-party mediation, mutable global install, and dynamic action creation expanding capability beyond the static description.
Confidence: 100%
Severity: 60%
Audit Metadata