Clawhub Krump Verify

This SKILL.md looks like a genuine guide for using Krump Verify on Story Aeneid, but it documents actions that require private keys, relayer secrets, and deployment credentials even though the registry lists no required environment variables. Before installing or allowing an agent to use this skill: - Do not paste or upload private keys (RELAYER_PRIVATE_KEY, deployer keys) into the agent or skill. Prefer delegated signing (user wallet popups, hardware wallets, or a dedicated signing service with limited scope). - If you must use a relayer, review the relayer code (local or at the published URL) and run it yourself or use a trusted hosted relayer. Do not hand over a long‑lived private key unless you understand and accept the risk. - Prefer the receipt/EVVM flow so the agent consumes existing receipts rather than holding persistent funds or allowances. Keep allowances minimal (approve only the exact verificationFee). - Ask the skill author to update registry metadata to declare required env vars and to include explicit safety guidance (what secrets are needed, minimum permissions, and whether the agent ever stores secrets). - For deployments or any on‑chain writes, test on a sandbox/testnet and verify the default contract addresses before using mainnet funds. Because of the mismatch between declared requirements and the SKILL.md's secret‑handling instructions, treat this skill as suspicious until the author clarifies credential requirements and provides safer signing/relayer options.