KYC Vault

This skill's behavior (reading manifest.json and uploading identity documents) matches its stated purpose, but there are important mismatches and risks you should consider before installing: - The SKILL.md expects the skill/agent to access ~/identity-vault/ and to control a browser to upload files, but the registry metadata did not declare any required config paths or binaries. Ask the publisher or platform: how does the agent obtain permission to access your filesystem and browser? Are the in-chat confirmation prompts enforced by the platform or just guidelines the skill 'should' follow? - The skill will work with highly sensitive personal data (full name, DOB, passport images, etc.). Only use if you are certain the agent/process that executes skills runs locally and does not leak files to external servers. Review the platform's privacy model and logs. - Test first with dummy data: create a fake ~/identity-vault/ and manifest.json containing non-sensitive placeholders and run the flow against a non-production URL to confirm the agent prompts for every file and domain as promised. - Inspect manifest.json and the vault contents yourself before allowing any uploads, and never use this skill until you confirm the platform enforces the explicit confirmation steps (domain confirmation, per-file approval, final submit). If the platform cannot or does not enforce those prompts, do not store real identity documents in ~/identity-vault/ or use this skill. If you want, I can draft questions to ask the skill author or the platform operator to clarify the missing declarations (config paths, required capabilities) and how confirmations are enforced.