Identity Resolver

This skill appears to implement what it claims (canonicalizing user IDs) and its runtime behavior is mostly local to your workspace, but take these precautions before installing: - Do NOT run curl | sh on a third-party URL without inspection. The docs recommend installing 'uv' by piping https://astral.sh/uv/install.sh to sh — inspect that script manually or install uv from a vetted source instead. - Verify package origin: the registry metadata lists the source as unknown but SKILL.md/package.json reference a GitHub repo. Confirm the repository URL, review repo history, and verify checksums/signatures before trusting the bundle. - Review USER.md usage: the skill auto-registers owner numbers found in USER.md. If your workspace is shared or contains untrusted files, an attacker could make themselves an 'owner' by editing USER.md. Keep workspace permissions tight. - Inspect identity-map storage and permissions: identity data is stored under data/identity-map.json (or memory/). Ensure appropriate filesystem permissions and backups if needed. - Run the bundled tests locally in an isolated environment. Note: some unit test assertions in the provided tests look odd (potential copy/paste errors), which reduces confidence in the test suite — running them locally will reveal any problems. If you want to proceed: clone the repository from the asserted GitHub URL, inspect the repo (especially the install docs and any scripts), run tests locally, and avoid automated remote install scripts until you verify them.