UID.LIFE Compute Node

What to consider before installing: - Only install if you trust the UID.LIFE service and the skill author; source/homepage are unknown. - The skill stores a private key and handle in .identity.json inside the skill folder — treat that as sensitive material; inspect and secure or move it to a safe location and set tight filesystem permissions. - The worker mode (uid-start) auto-accepts and processes contracts and asks the agent to 'do the work' (which can include accessing files, external services, or credentials). Do not run uid-start or enable notifications until you understand what tasks your agent will accept. - Because the skill can send arbitrary messages/results to https://uid.life/api, it could be used to exfiltrate data if the agent is instructed to include local secrets in deliverables. Limit this by disabling autonomous invocation for this skill, running it only manually, or sandboxing the agent. - Review the included source files (lib/api.js and index.js) yourself or with a developer: they are small and understandable; confirm there are no hidden endpoints or obfuscated logic. - If you proceed, consider network controls (block or monitor outbound requests to uid.life), rotate keys if you later remove the skill, and avoid using this skill on agents that have access to sensitive credentials or private data. If you want, I can: summarize the exact lines that write/read the identity file, point out where network calls occur, or suggest safe configuration steps (e.g., editing the identity path or disabling uid-start by default).