 I don't know anything, but here's what GPT has to say:

The raw shared secret generated from ECDH should not be used directly as a cryptographic key for a couple of reasons:
Predictability: The raw shared secret's value range can be somewhat predictable, especially the beginning and end parts of the secret. This predictability can reduce the entropy of the secret, making it a less secure choice for cryptographic operations.
Purpose Differentiation: Without some form of derivation or hashing, the same shared secret will always lead to the same key. This can be problematic if you need different keys for different purposes (e.g., encryption vs. authentication).
To mitigate these concerns, it's a common and recommended practice to use a key derivation function (KDF) after obtaining the ECDH shared secret. The KDF can use cryptographic hash functions, like SHA-256 or SHA-3, to derive a more uniform and unpredictable key from the shared secret.