didit-database-validation

This skill is documentation and helper material for a third-party identity validation API (Didit). Functionality and requested permissions align with the stated purpose: validating national ID numbers and associated PII against government databases. There is no evidence of covert malicious behavior, obfuscation, or download-execute supply-chain patterns. The primary risks are privacy and credential exposure: it sends sensitive PII and an API key to Didit's endpoints (a necessary behavior for this task), and it documents a programmatic registration flow that returns an api_key which must be handled securely. Integrators should treat this as a privacy-sensitive integration: validate Didit's domains, follow secure secret handling, enforce TLS and logging hygiene, confirm legal/regulatory consent for PII transfer, and restrict storage/retention of results. No indicators of malware or hidden exfiltration were found in the provided text.