Add repo-fit skill pack

README.md

@@ -1,11 +1,11 @@
 # openclaw-superpowers
 
-**52 ready-to-use skills that make your AI agent autonomous, self-healing, and self-improving.**
+**56 ready-to-use skills that make your AI agent autonomous, self-healing, and self-improving.**
 
-[![Skills](https://img.shields.io/badge/skills-52-blue)](#skills-included)
+[![Skills](https://img.shields.io/badge/skills-56-blue)](#skills-included)
 [![Security](https://img.shields.io/badge/security_skills-6-green)](#security--guardrails)
-[![Cron](https://img.shields.io/badge/cron_scheduled-16-orange)](#openclaw-native-36-skills)
-[![Scripts](https://img.shields.io/badge/companion_scripts-23-purple)](#companion-scripts)
+[![Cron](https://img.shields.io/badge/cron_scheduled-16-orange)](#openclaw-native-38-skills)
+[![Scripts](https://img.shields.io/badge/companion_scripts-25-purple)](#companion-scripts)
 [![License: MIT](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
 
 A plug-and-play skill library for [OpenClaw](https://github.com/openclaw/openclaw) — the open-source AI agent runtime. Gives your agent structured thinking, security guardrails, persistent memory, cron scheduling, self-recovery, and the ability to write its own new skills during conversation.
@@ -20,7 +20,7 @@ Built for developers who want their AI agent to run autonomously 24/7, not just
 
 Most AI agent frameworks give you a chatbot that forgets everything between sessions. OpenClaw is different — it runs persistently, handles multi-hour tasks, and has native cron scheduling. But out of the box, it doesn't know *how* to use those capabilities well.
 
-**openclaw-superpowers bridges that gap.** Install 52 skills in one command, and your agent immediately knows how to:
+**openclaw-superpowers bridges that gap.** Install 56 skills in one command, and your agent immediately knows how to:
 
 - **Think before it acts** — brainstorming, planning, and systematic debugging skills prevent the "dive in and break things" failure mode
 - **Protect itself** — 6 security skills detect prompt injection, block dangerous actions, audit installed code, and scan for leaked credentials
@@ -51,13 +51,13 @@ cd ~/.openclaw/extensions/superpowers && ./install.sh
 openclaw gateway restart
 ```
 
-`install.sh` symlinks all 52 skills, creates state directories for stateful skills, and registers cron jobs — everything in one step. That's it. Your agent now has superpowers.
+`install.sh` symlinks all 56 skills, creates state directories for stateful skills, and registers cron jobs — everything in one step. That's it. Your agent now has superpowers.
 
 ---
 
 ## Skills included
 
-### Core (15 skills)
+### Core (17 skills)
 
 Methodology skills that work in any AI agent runtime. Adapted from [obra/superpowers](https://github.com/obra/superpowers) plus new additions for skill quality assurance.
 
@@ -78,8 +78,10 @@ Methodology skills that work in any AI agent runtime. Adapted from [obra/superpo
 | `skill-trigger-tester` | Scores a skill's description against sample prompts to predict trigger reliability | `test.py` |
 | `skill-conflict-detector` | Detects name shadowing and description-overlap conflicts between installed skills | `detect.py` |
 | `skill-portability-checker` | Validates OS/binary dependencies in companion scripts; catches non-portable calls | `check.py` |
+| `pull-request-feedback-loop` | Handles PR review comments as grouped, verified fix loops | — |
+| `skill-effectiveness-auditor` | Reviews whether a skill will trigger reliably and guide useful behavior | — |
 
-### OpenClaw-Native (36 skills)
+### OpenClaw-Native (38 skills)
 
 Skills that require OpenClaw's persistent runtime — cron scheduling, session state, or long-running execution. These are the skills that make a 24/7 autonomous agent actually work reliably.
 
@@ -94,6 +96,7 @@ Skills that require OpenClaw's persistent runtime — cron scheduling, session s
 | `morning-briefing` | Daily briefing: priorities, active tasks, pending handoffs | weekdays 7am | `run.py` |
 | `secrets-hygiene` | Audits installed skills for stale credentials and orphaned secrets | Mondays 9am | `audit.py` |
 | `workflow-orchestration` | Chains skills into resumable named workflows with on-failure conditions | — | `run.py` |
+| `quality-gate-orchestrator` | Tracks required validation gates and reports completion readiness | — | `gate.py` |
 | `context-budget-guard` | Estimates context usage and triggers compaction before overflow | — | `check.py` |
 | `prompt-injection-guard` | Detects injection attempts in external content before the agent acts | — | `guard.py` |
 | `spend-circuit-breaker` | Tracks API spend against a monthly budget; pauses crons at 100% | every 4h | `check.py` |
@@ -111,6 +114,7 @@ Skills that require OpenClaw's persistent runtime — cron scheduling, session s
 | `community-skill-radar` | Scans Reddit for OpenClaw pain points and feature requests; writes prioritized PROPOSALS.md | every 3 days | `radar.py` |
 | `memory-graph-builder` | Parses MEMORY.md into a knowledge graph; detects duplicates, contradictions, stale entries | daily 10pm | `graph.py` |
 | `config-encryption-auditor` | Scans config directories for plaintext API keys, tokens, and world-readable permissions | Sundays 9am | `audit.py` |
+| `openclaw-config-advisor` | Diagnoses provider, fallback, channel, MCP, and gateway config issues | — | `advise.py` |
 | `tool-description-optimizer` | Scores skill descriptions for trigger quality — clarity, specificity, keyword density — and suggests rewrites | — | `optimize.py` |
 | `mcp-health-checker` | Monitors MCP server connections for health, latency, and availability; detects stale connections | every 6h | `check.py` |
 | `memory-dag-compactor` | Builds hierarchical summary DAGs from MEMORY.md with depth-aware prompts (d0 leaf → d3+ durable) | daily 11pm | `compact.py` |
@@ -151,12 +155,12 @@ Six skills form a defense-in-depth security layer for autonomous agents:
 
 | Feature | openclaw-superpowers | obra/superpowers | Custom prompts |
 |---|---|---|---|
-| Skills included | **52** | 8 | 0 |
+| Skills included | **56** | 8 | 0 |
 | Self-modifying (agent writes new skills) | Yes | No | No |
 | Cron scheduling | **16 scheduled skills** | No | No |
 | Persistent state across sessions | **YAML state schemas** | No | No |
 | Security guardrails | **6 defense-in-depth skills** | No | No |
-| Companion scripts with CLI | **23 scripts** | No | No |
+| Companion scripts with CLI | **25 scripts** | No | No |
 | Memory graph / knowledge graph | Yes | No | No |
 | SQLite session persistence + FTS5 search | Yes | No | No |
 | Sub-agent recall with token-budgeted grants | Yes | No | No |
@@ -173,14 +177,14 @@ Six skills form a defense-in-depth security layer for autonomous agents:
 ```
 ~/.openclaw/extensions/superpowers/
 ├── skills/
-│   ├── core/                    # 15 methodology skills (any runtime)
+│   ├── core/                    # 17 methodology skills (any runtime)
 │   │   ├── brainstorming/
 │   │   │   └── SKILL.md
 │   │   ├── create-skill/
 │   │   │   ├── SKILL.md
 │   │   │   └── TEMPLATE.md
 │   │   └── ...
-│   ├── openclaw-native/         # 36 persistent-runtime skills
+│   ├── openclaw-native/         # 38 persistent-runtime skills
 │   │   ├── memory-graph-builder/
 │   │   │   ├── SKILL.md             # Skill definition + YAML frontmatter
 │   │   │   ├── STATE_SCHEMA.yaml    # State shape (committed, versioned)
@@ -203,7 +207,7 @@ Six skills form a defense-in-depth security layer for autonomous agents:
 
 Skills marked with a script ship a small executable alongside their `SKILL.md`:
 
-- **23 Python scripts** (`run.py`, `audit.py`, `check.py`, `guard.py`, `bridge.py`, `onboard.py`, `sync.py`, `doctor.py`, `loadout.py`, `governor.py`, `detect.py`, `test.py`, `radar.py`, `graph.py`, `optimize.py`, `compact.py`, `intercept.py`, `score.py`, `integrity.py`, `persist.py`, `recall.py`) — run directly to manipulate state, generate reports, or trigger actions. No extra dependencies; `pyyaml` is optional but recommended.
+- **25 Python scripts** (`run.py`, `audit.py`, `check.py`, `guard.py`, `bridge.py`, `onboard.py`, `sync.py`, `doctor.py`, `loadout.py`, `governor.py`, `detect.py`, `test.py`, `radar.py`, `graph.py`, `optimize.py`, `compact.py`, `intercept.py`, `score.py`, `integrity.py`, `persist.py`, `recall.py`, `advise.py`, `gate.py`) — run directly to manipulate state, generate reports, or trigger actions. No extra dependencies; `pyyaml` is optional but recommended.
 - **`vet.sh`** — Pure bash scanner; runs on any system with grep.
 - Every script supports `--help` and `--format json`. Dry-run mode available on scripts that make changes.
 - See the `example-state.yaml` in each skill directory for sample state and a commented walkthrough of cron behaviour.

docs/repo-fit-skill-pack-spec.md

@@ -0,0 +1,46 @@
+# Repo-Fit Skill Pack Spec
+
+## Goal
+
+Add four skills that fit the current `openclaw-superpowers` library and improve day-to-day agent reliability:
+
+- PR feedback handling
+- Semantic skill quality review
+- OpenClaw configuration diagnosis
+- Task completion gates
+
+These additions should extend the repo's existing autonomy, validation, and OpenClaw-native state patterns without introducing external marketplace structure or branding.
+
+## Skills
+
+### `pull-request-feedback-loop`
+
+Core skill for handling PR review feedback. It uses `gh` to fetch review comments, groups related comments by issue, fixes one group at a time, runs targeted verification, and prepares concise replies only after the fix is confirmed.
+
+### `skill-effectiveness-auditor`
+
+Core skill for semantic skill review. It checks whether a skill will trigger reliably, guide useful agent behavior, avoid overlap with existing skills, and produce testable outcomes. It complements structural tools such as `skill-doctor`, `skill-trigger-tester`, `skill-conflict-detector`, and `tool-description-optimizer`.
+
+### `openclaw-config-advisor`
+
+OpenClaw-native stateful skill for read-only config diagnosis. It scans likely OpenClaw config files, reports provider, fallback, channel, MCP, and gateway health hints, and stores scan summaries in its own state file.
+
+### `quality-gate-orchestrator`
+
+OpenClaw-native stateful skill for task completion gates. It tracks required and optional validation gates, commands, last results, waivers, and readiness so agents do not declare completion before required checks pass or are explicitly waived.
+
+## Non-Goals
+
+- Do not copy external plugin or marketplace structure.
+- Do not require network access for normal behavior.
+- Do not modify untracked `.claude/` or `CLAUDE.md`.
+- Do not perform destructive Git or filesystem actions.
+- Do not write state outside `$OPENCLAW_HOME/skill-state/<skill-name>/state.yaml`.
+
+## Acceptance Criteria
+
+- All four skills validate with the existing repo scripts.
+- New OpenClaw-native scripts are standard-library only.
+- Missing local OpenClaw config produces useful warnings, not crashes.
+- README skill counts and tables match the filesystem.
+- Validation passes through `scripts/validate-skills.sh`, `tests/test-runner.sh`, `tests/test-repo-fit-skill-pack.sh`, and `git diff --check`.

skills/core/pull-request-feedback-loop/SKILL.md

@@ -0,0 +1,63 @@
+---
+name: pull-request-feedback-loop
+description: Handles PR review feedback by fetching comments, grouping issues, fixing one group at a time, and verifying before replies.
+---
+
+# Pull Request Feedback Loop
+
+PR feedback is a queue of review obligations, not a pile of comments. Use this skill when a user asks you to address PR comments, requested changes, failed checks tied to review feedback, or stale review threads.
+
+## When to Use
+
+- A PR has unresolved review comments or requested changes
+- The user asks you to "address review feedback" or "fix PR comments"
+- You need to reconcile code changes, replies, and verification
+
+Do not use this for ordinary local refactors with no review thread.
+
+## Process
+
+1. Identify the PR.
+   - Prefer the PR number or URL from the user.
+   - If missing, run `gh pr status` or `gh pr view --json number,url,headRefName`.
+
+2. Fetch review context.
+   - Run `gh pr view <pr> --comments`.
+   - If needed, run `gh api` for review threads or inline comments.
+   - Capture author, file, line, status, and requested change.
+
+3. Group comments by issue.
+   - Merge duplicate comments that point at the same underlying fix.
+   - Separate behavior bugs, test gaps, naming/docs cleanup, and questions.
+   - Mark comments that need clarification before code changes.
+
+4. Fix one group at a time.
+   - Inspect the referenced code before editing.
+   - Make the smallest coherent change for that group.
+   - Avoid bundling unrelated cleanup into review fixes.
+
+5. Verify before replying.
+   - Run the narrowest relevant test or check for each group.
+   - If no test can run, explain the exact reason and inspect manually.
+   - Do not claim a thread is resolved until verification passes or is explicitly waived.
+
+6. Prepare replies.
+   - Summarize what changed and how it was verified.
+   - Keep replies short and factual.
+   - Do not submit replies automatically unless the user asked you to.
+
+## Output
+
+Report:
+
+- Groups handled
+- Files changed
+- Verification run
+- Threads ready for reply
+- Threads needing user or reviewer clarification
+
+## Guardrails
+
+- Do not force-push, delete branches, or dismiss reviews without explicit permission.
+- Do not mark comments resolved only because code was edited.
+- Do not ignore a comment because it looks small; either address it or explain why it is not applicable.

skills/core/skill-effectiveness-auditor/SKILL.md

@@ -0,0 +1,62 @@
+---
+name: skill-effectiveness-auditor
+description: Reviews whether a skill will trigger reliably, guide useful behavior, avoid overlap, and produce testable outcomes.
+---
+
+# Skill Effectiveness Auditor
+
+Structural validation proves a skill can load. Effectiveness review asks whether the agent will use it well. Use this skill when reviewing a new skill, improving an existing skill, or deciding whether a proposed skill belongs in the library.
+
+## When to Use
+
+- A skill passes format checks but may still be vague or redundant
+- A contributor proposes a new skill
+- A skill is not triggering when expected
+- A skill seems too broad, too long, or hard to verify
+
+## Audit Process
+
+1. State the intended behavior.
+   - Write one sentence describing what the skill should make the agent do.
+   - List 3 user prompts that should trigger it.
+   - List 2 prompts that should not trigger it.
+
+2. Check trigger clarity.
+   - The frontmatter description should name the task and the trigger.
+   - Avoid generic descriptions such as "helps with quality" or "improves workflow".
+   - Prefer concrete verbs: reviews, validates, scans, plans, records, summarizes.
+
+3. Simulate agent use.
+   - Walk through the skill as if responding to a real prompt.
+   - Note any step where the agent must guess policy, inputs, output format, or stopping conditions.
+   - Flag steps that say "think about" without telling the agent what to produce.
+
+4. Check overlap.
+   - Compare with nearby skills before approving a new one.
+   - If overlap is mostly structural, merge or reference the existing skill.
+   - If the new skill owns a distinct trigger, state that difference clearly.
+
+5. Check testability.
+   - The output should show whether the skill was followed.
+   - Add verification criteria for high-risk workflows.
+   - For stateful skills, require `STATE_SCHEMA.yaml` rather than prose-only memory.
+
+## Verdicts
+
+Use one verdict:
+
+- `keep` - clear trigger, useful behavior, low overlap
+- `revise` - useful idea with fixable trigger or process gaps
+- `split` - too broad for one skill
+- `remove` - duplicated, vague, or not a skill-level behavior
+
+## Output
+
+Return:
+
+- Verdict
+- Trigger assessment
+- Actionability issues
+- Overlap risks
+- Suggested frontmatter rewrite
+- Required edits before merge

skills/openclaw-native/openclaw-config-advisor/SKILL.md

@@ -0,0 +1,59 @@
+---
+name: openclaw-config-advisor
+version: "1.0"
+category: openclaw-native
+description: Diagnoses OpenClaw provider, fallback, channel, MCP, and gateway config issues with read-only scans and stateful summaries.
+stateful: true
+---
+
+# OpenClaw Config Advisor
+
+Config problems usually look like model failures, missing tools, or broken channels. Use this skill when OpenClaw behaves inconsistently and you need a read-only diagnosis before changing settings.
+
+## When to Invoke
+
+- Provider routing or fallback model behavior is wrong
+- A channel cannot connect or stops receiving messages
+- MCP tools are missing, stale, or unavailable
+- The gateway starts but behaves differently than expected
+- You need a current config summary before editing OpenClaw settings
+
+## Checks
+
+| Area | What to inspect |
+|---|---|
+| Providers | Provider keys, model names, default model hints |
+| Fallback | Fallback or backup model settings |
+| Channels | Telegram, Discord, Slack, WhatsApp, Signal, or Lark entries |
+| MCP | MCP server declarations and command/url hints |
+| Gateway | Host, port, log, and process configuration hints |
+
+## How to Use
+
+```bash
+python3 advise.py --scan
+python3 advise.py --scan --config-dir ~/.openclaw
+python3 advise.py --explain fallback
+python3 advise.py --status
+python3 advise.py --format json
+```
+
+## Procedure
+
+1. Run `python3 advise.py --scan --format json`.
+2. Review findings by severity: `WARN` first, then `INFO`.
+3. Inspect the named config files before editing anything.
+4. Apply config changes only after the user confirms the intended routing or channel behavior.
+5. Re-run the scan and compare with the prior state summary.
+
+## State
+
+Scan summaries are stored in `~/.openclaw/skill-state/openclaw-config-advisor/state.yaml`.
+
+Fields: `last_scan_at`, `config_dir`, `findings`, `affected_areas`, and `scan_history`.
+
+## Guardrails
+
+- This skill is read-only; it does not modify OpenClaw config.
+- Missing config directories are warnings, not crashes.
+- Do not print secrets. Report that secret-like values exist without echoing them.

skills/openclaw-native/openclaw-config-advisor/STATE_SCHEMA.yaml

@@ -0,0 +1,17 @@
+version: "1.0"
+fields:
+  last_scan_at:
+    type: string
+    description: ISO timestamp of the last config scan.
+  config_dir:
+    type: string
+    description: Directory scanned for OpenClaw config files.
+  findings:
+    type: list
+    description: Current findings with severity, area, file, and message.
+  affected_areas:
+    type: list
+    description: Config areas touched by current findings.
+  scan_history:
+    type: list
+    description: Recent scan summaries.