This would be disturbing if that were the only way forward. For 5 years running, our pool’s pledge address private key has never seen the other side of an air gap.
Unless I’ve misunderstood, to claim with a dApp we’d have to load the private key into an Eternl wallet synced with the chain: i.e. on a machine & browser having Internet access. 