I wouldn’t trust it. I got the same email as OP and checked it out. I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories. I wasn’t able to confirm that this is what actually happens, but it is definitely fishy.
If they genuinely wanted proof of account ownership there are other ways to do it. OAuth, for example.
> I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories.
> I wasn’t able to confirm that this is what actually happens
So it's a baseless accusation, you can see exactly what happens.
"baseless accusation" is wild. have you not observed the result of 99.999999999999999999999% of emails that randomly tell people you are eligible for receiving some token allocation?
If they genuinely wanted proof of account ownership there are other ways to do it. OAuth, for example.