Add 8 new integration skills + update README (39 skills total)

README.md

@@ -42,7 +42,7 @@ That's it. Your agent now has superpowers.
 
 ## Skills Included
 
-### Core (12 skills)
+### Core (15 skills)
 
 Methodology skills that work in any runtime. Adapted from [obra/superpowers](https://github.com/obra/superpowers) plus OpenClaw-specific additions.
 
@@ -60,8 +60,11 @@ Methodology skills that work in any runtime. Adapted from [obra/superpowers](htt
 | `skill-vetting` | Security scanner for ClawHub skills before installing | `vet.sh` |
 | `project-onboarding` | Crawls a new codebase to generate a `PROJECT.md` context file | `onboard.py` |
 | `fact-check-before-trust` | Secondary verification pass for factual claims before acting on them | — |
+| `skill-trigger-tester` | Scores a skill's description against sample prompts to predict trigger reliability | `test.py` |
+| `skill-conflict-detector` | Detects name shadowing and description-overlap conflicts between installed skills | `detect.py` |
+| `skill-portability-checker` | Validates OS/binary dependencies in companion scripts; catches non-portable calls | `check.py` |
 
-### OpenClaw-Native (18 skills)
+### OpenClaw-Native (23 skills)
 
 Skills that require OpenClaw's persistent runtime — cron scheduling, session state, or long-running execution. Not useful in session-based tools.
 
@@ -85,6 +88,11 @@ Skills that require OpenClaw's persistent runtime — cron scheduling, session s
 | `multi-agent-coordinator` | Manages parallel agent fleets: health checks, consistency, handoffs | — | ✓ | `run.py` |
 | `cron-hygiene` | Audits cron skills for session mode waste and token efficiency | Mondays 9am | ✓ | `audit.py` |
 | `channel-context-bridge` | Writes a resumé card at session end for seamless channel switching | — | ✓ | `bridge.py` |
+| `skill-doctor` | Diagnoses silent skill discovery failures — YAML errors, path violations, schema mismatches | — | ✓ | `doctor.py` |
+| `installed-skill-auditor` | Weekly post-install audit of all skills for injection, credentials, and drift | Mondays 9am | ✓ | `audit.py` |
+| `skill-loadout-manager` | Named skill profiles to manage active skill sets and prevent system prompt bloat | — | ✓ | `loadout.py` |
+| `skill-compatibility-checker` | Checks installed skills against the current OpenClaw version for feature compatibility | — | ✓ | `check.py` |
+| `heartbeat-governor` | Enforces per-skill execution budgets for cron skills; auto-pauses runaway skills | every hour | ✓ | `governor.py` |
 
 ### Community (1 skill)
 
@@ -104,7 +112,7 @@ Stateful skills commit a `STATE_SCHEMA.yaml` defining the shape of their runtime
 
 Skills marked with a script in the table above ship a small executable alongside their `SKILL.md`:
 
-- **Python scripts** (`run.py`, `audit.py`, `check.py`, `guard.py`, `bridge.py`, `onboard.py`, `sync.py`) — run directly to manipulate state, generate reports, or trigger actions. No extra dependencies required; `pyyaml` is optional but recommended.
+- **Python scripts** (`run.py`, `audit.py`, `check.py`, `guard.py`, `bridge.py`, `onboard.py`, `sync.py`, `doctor.py`, `loadout.py`, `governor.py`, `detect.py`, `test.py`) — run directly to manipulate state, generate reports, or trigger actions. No extra dependencies required; `pyyaml` is optional but recommended.
 - **`vet.sh`** — Pure bash scanner; runs on any system with grep.
 - Each script supports `--help` and prints a human-readable summary. JSON output available where useful (`--format json`). Dry-run mode available on scripts that make changes.
 - See the `example-state.yaml` in each skill directory for sample state and a commented walkthrough of the skill's cron behaviour.
@@ -113,13 +121,15 @@ Skills marked with a script in the table above ship a small executable alongside
 
 ## Security skills at a glance
 
-Three skills address the documented top security risks for OpenClaw agents:
+Five skills address the documented top security risks for OpenClaw agents:
 
 | Threat | Skill | How |
 |---|---|---|
 | Malicious skill install (36% of ClawHub skills contain injection payloads) | `skill-vetting` | Scans before install — 6 security flags, SAFE / CAUTION / DO NOT INSTALL |
 | Runtime injection from emails, web pages, scraped data | `prompt-injection-guard` | Detects 6 signal types at runtime; blocks on 2+ signals |
 | Agent takes destructive action without confirmation | `dangerous-action-guard` | Pre-execution gate with 5-min expiry window and full audit trail |
+| Post-install skill tampering or credential injection | `installed-skill-auditor` | Weekly content-hash drift detection; INJECTION / CREDENTIAL / EXFILTRATION checks |
+| Silent skill loading failures hiding broken skills | `skill-doctor` | 6 diagnostic checks per skill; surfaces every load-time failure before it disappears |
 
 ---
 
@@ -129,6 +139,7 @@ obra/superpowers was built for session-based tools (Claude Code, Cursor, Codex).
 
 - Runs **24/7**, not just per-session
 - Handles tasks that take **hours, not minutes**
+- Has **native cron scheduling** — skills wake up automatically on a schedule
 - Needs skills around **handoff, memory persistence, and self-recovery** that session tools don't require
 
 The OpenClaw-native skills in this repo exist because of that difference.

skills/core/skill-conflict-detector/SKILL.md

@@ -0,0 +1,85 @@
+---
+name: skill-conflict-detector
+version: "1.0"
+category: core
+description: Detects skill name shadowing and description-overlap conflicts that cause OpenClaw to trigger the wrong skill or silently ignore one when two skills compete for the same intent.
+---
+
+# Skill Conflict Detector
+
+## What it does
+
+Two types of conflict cause skills to misbehave silently:
+
+**1. Name shadowing** — Two installed skills have the same `name:` field. OpenClaw loads the last one lexicographically; the other silently disappears. No warning.
+
+**2. Description overlap** — Two skills' descriptions are so semantically similar that OpenClaw can't reliably distinguish them. The wrong skill fires. You think one skill is broken; actually the other is intercepting it.
+
+Skill Conflict Detector scans all installed skills for both types and reports them with overlap scores and resolution suggestions.
+
+## When to invoke
+
+- After installing a new skill from ClawHub
+- When a skill fires inconsistently or triggers on unexpected prompts
+- Before publishing a new skill (ensure it doesn't shadow an existing one)
+- As part of `install.sh` post-install validation
+
+## Conflict types
+
+| Type | Severity | Effect |
+|---|---|---|
+| NAME_SHADOW | CRITICAL | One skill completely hidden |
+| EXACT_DUPLICATE | CRITICAL | Identical description — both fire or neither does |
+| HIGH_OVERLAP | HIGH | >75% semantic similarity — unreliable trigger routing |
+| MEDIUM_OVERLAP | MEDIUM | 50–75% similarity — possible confusion |
+
+## Output
+
+```
+Skill Conflict Report — 32 skills
+────────────────────────────────────────────────
+0 CRITICAL | 1 HIGH | 0 MEDIUM
+
+HIGH  skill-vetting ↔ installed-skill-auditor  overlap: 0.81
+      Both describe "scanning skills for security issues"
+      Suggestion: Differentiate — skill-vetting is pre-install,
+      installed-skill-auditor is post-install ongoing audit.
+```
+
+## How to use
+
+```bash
+python3 detect.py --scan                   # Full conflict scan
+python3 detect.py --scan --skill my-skill  # Check one skill vs all others
+python3 detect.py --scan --threshold 0.6   # Custom similarity threshold
+python3 detect.py --names                  # Check name shadowing only
+python3 detect.py --format json
+```
+
+## Procedure
+
+**Step 1 — Run the scan**
+
+```bash
+python3 detect.py --scan
+```
+
+**Step 2 — Resolve CRITICAL conflicts first**
+
+NAME_SHADOW: Rename one skill's `name:` field and its directory. Run `bash scripts/validate-skills.sh` to confirm.
+
+EXACT_DUPLICATE: One skill is redundant. Remove or differentiate it.
+
+**Step 3 — Assess HIGH_OVERLAP pairs**
+
+Read both descriptions. Ask: could a user's natural-language request unambiguously route to one and not the other? If no, differentiate. Common fix: add the scope or timing to the description (e.g., "before install" vs. "after install").
+
+**Step 4 — Accept or suppress MEDIUM_OVERLAP**
+
+Medium overlaps are informational. If the two skills serve genuinely different contexts and users would naturally phrase requests differently, they can coexist. Document why in the skill's SKILL.md if it's non-obvious.
+
+## Similarity model
+
+Token-overlap Jaccard similarity between description strings after stop-word removal. Fast and deterministic — no external dependencies.
+
+Threshold defaults: HIGH ≥ 0.75, MEDIUM ≥ 0.50.