identity-verification-didit

SUSPICIOUS: the skill’s stated purpose is Didit identity verification, but its actual implementation routes credentials and very sensitive KYC/AML data through Gooseworks proxy endpoints rather than Didit’s official API. The npm-based Gooseworks CLI path appears somewhat legitimate, so this is not confirmed malware, but the intermediary data flow and direct credential-file reading are disproportionate and risky for the claimed integration.