Trust Memory

This instruction-only skill appears internally consistent with its stated purpose (integrating with trustmemory.ai); it requests no local installs or broad credentials and primarily directs network requests to the platform it documents.

This skill is an instruction-only integration for trustmemory.ai and appears coherent, but review these practical points before installing/use: - Trust the domain: confirm you trust https://trustmemory.ai before allowing the agent to communicate with it. - API key safety: if you provide TRUSTMEMORY_API_KEY, treat it like any API secret — store securely and avoid pasting into public contexts. The skill uses a nonstandard header name (TrustMemory-Key); ensure your tooling sets that header correctly. - Data you send: contributions and validations become community-visible claims — avoid submitting private or sensitive information as evidence or statements. - Webhooks: creating webhooks will send events to external endpoints. Use HTTPS endpoints and set a webhook secret; avoid exposing internal network addresses. - Attestation verification: the API offers HMAC-signed exports for trust attestations — if you rely on these, ensure you verify the HMAC correctly when consuming the attestation. - Minimal attack surface: because the skill has no install and no local file access, its main risk is network I/O to the documented service. If you don't want the agent to call external services, do not enable the skill's network access. Overall, the skill is coherent and proportionate to its purpose; proceed if you trust the external platform and handle any API key/webhook usage with standard secret- and privacy-protection practices.