Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Leapcat Skills

v0.1.1

Trade stocks, subscribe to IPOs, manage wallet, complete KYC, and access real-time market data via AI agent. 7 skills for the Leapcat platform.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and the seven sub-skills (auth, kyc, market, trading, wallet, portfolio, ipo) match the commands shown. Required capabilities (Node.js, auth via email/OTP, local token storage) are consistent with a trading/finance CLI.
Instruction Scope
Runtime instructions are specific: they tell the agent to run npx leapcat@0.1.1 commands. The docs only upload local files when the user supplies explicit file paths, and they name the local token file (~/.config/leapcat/tokens.json). The instructions do not directly tell the agent to scan arbitrary local files, but they do cause the agent to execute CLI commands that may read or write those paths if invoked.
Install Mechanism
There is no declared install spec, but the SKILL.md requires running npx leapcat@0.1.1 which will fetch and execute code from the npm registry at runtime. Although the version is pinned (0.1.1), npx still runs external package code when invoked — this is a moderate supply-chain risk because the package code is not included for review here.
Credentials
The skill requests no environment variables (authentication uses email/OTP), which is proportionate. However, the CLI stores JWT access/refresh tokens at ~/.config/leapcat/tokens.json; any agent-run commands could access that file. The skill does not ask for unrelated credentials, which is good, but the local token file is sensitive and worth protecting.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. The only persistent artifact named is the CLI's token file in the user's config directory; that behavior is expected for a remote-account CLI.
What to consider before installing
This skill appears to be what it says (a CLI wrapper for Leapcat trading, KYC, wallet, and market data) but it relies on running 'npx leapcat@0.1.1' at runtime. npx will fetch and execute package code from npm — even though the version is pinned, the package itself is not included here for review.

Before installing/using:

1) Review the npm package and its GitHub repo (the SKILL.md points to them) to inspect the code that will run.
2) Avoid running CLI commands that expose sensitive local files unless you know what the command does; uploaded KYC documents and ~/.config/leapcat/tokens.json are sensitive.
3) Prefer installing the CLI into a controlled environment (sandbox, VM, or container) and inspect the package contents, or vendor the package after auditing, instead of having an agent run npx directly.
4) If you will let the agent invoke this skill autonomously, be aware the agent could run any npx command the SKILL.md permits; limit autonomous usage or review logs/commands.

Additional info that would change this assessment: the verified npm package contents or a full package tarball/Git commit hash matching the claimed repo (so the runtime code can be audited).

Like a lobster shell, security has layers — review code before you run it.
