leapfin

SUSPICIOUS. The skill is largely coherent with its stated purpose and uses a same-org official npm CLI, so this is not strong malware evidence. However, it mediates Leapfin access through Membrane-hosted auth and actions instead of direct official service endpoints, and it relies on unpinned external CLI execution; that makes the skill medium risk and suspicious rather than benign.