[KomoD]

> I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories.

> I wasn’t able to confirm that this is what actually happens

So it's a baseless accusation, you can see exactly what happens.

[tgrecojs]

"baseless accusation" is wild. have you not observed the result of 99.999999999999999999999% of emails that randomly tell people you are eligible for receiving some token allocation?