clawsec-clawhub-checkerlisted

# ClawSec ClawHub Checker Adds a reputation gate on top of the `clawsec-suite` guarded installer. ## Operational Notes - Required runtime: `node`, `clawhub`, `openclaw` - Depends on: installed `clawsec-suite` - Side effects: none on other skills; this package does not rewrite installed suite files - Advisory-hook wiring is optional and manual in this release - Network behavior: reputation checks call ClawHub inspect/search endpoints - Trust model: scores are heuristic and confirmation-gated ## What It Does 1. Reads skill metadata from ClawHub (`inspect --json`) 2. Evaluates scanner status (including VirusTotal summary when present) 3. Applies additional reputation heuristics (age, updates, author history, downloads) 4. Requires explicit `--confirm-reputation` when score is below threshold ## Installation Install after `clawsec-suite`: ```bash npx clawhub@latest install clawsec-suite npx clawhub@latest install clawsec-clawhub-checker ``` Optional preflight check (validates local paths and prints recommended command): ```bash node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup_reputation_hook.mjs ``` ## Release Artifact Verification For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key. ```bash set -euo pipefail SKILL_NAME="clawsec-clawhub-checker" VERSION=