Could some of the 'solutions' to Dark Skippy result in worse security tradeoffs?
Using anti-kepto with the current solution requires exposing the signer to USB, the hardware may not be able to verify the nonce, and there's no Core implementation.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 breaks down the issues.