Initial commit: custom OpenClaw skills from docker-test

- workspace: capmetro-monitor, github-notifications, model-selector
- workspace-security: vt-monitor, monitor-unauthorized
- workspace-home: cron-manager, monitor-unauthorized
- extensions: vt-sentinel (VT-Sentinel plugin)

Includes sync.sh for pull/push, README, AGENTS.md, .gitignore.

workspace/github-notifications/scripts/auto-dismiss.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+# Auto-dismiss GitHub notifications matching certain patterns
+# - Nightlies, previews, checkpoints, rc, etc (by title pattern)
+# - Releases with no release notes
+# Exempts specified repos from auto-dismiss
+#
+# Dismiss = PATCH (read) + DELETE thread + DELETE subscription
+
+set -e
+
+DRY_RUN="${DRY_RUN:-false}"
+
+# Repos exempt from auto-dismiss (always show these)
+EXEMPT_REPOS="Mirrowel/LLM-API-Key-Proxy|b3nw/LLM-API-Key-Proxy|pedramamini/Maestro"
+
+# Patterns to auto-dismiss (case-insensitive)
+DISMISS_PATTERNS="nightly|preview|checkpoint|pre-release|canary|alpha|beta|snapshot|-rc\.|rc[0-9]"
+
+# Get all unread notifications
+NOTIFICATIONS=$(gh api /notifications 2>/dev/null || echo "[]")
+
+if [ "$NOTIFICATIONS" = "[]" ] || [ -z "$NOTIFICATIONS" ]; then
+    echo '{"dismissed":0,"checked":0}'
+    exit 0
+fi
+
+DISMISSED=0
+TOTAL=$(echo "$NOTIFICATIONS" | jq 'length')
+
+echo "$NOTIFICATIONS" | jq -c '.[]' | while read -r notif; do
+    ID=$(echo "$notif" | jq -r '.id')
+    TITLE=$(echo "$notif" | jq -r '.subject.title')
+    TYPE=$(echo "$notif" | jq -r '.subject.type')
+    URL=$(echo "$notif" | jq -r '.subject.url')
+    REPO=$(echo "$notif" | jq -r '.repository.full_name')
+    
+    # Skip exempt repos
+    if echo "$REPO" | grep -qiE "$EXEMPT_REPOS"; then
+        continue
+    fi
+    
+    SHOULD_DISMISS=false
+    REASON=""
+    
+    # Check title patterns
+    if echo "$TITLE" | grep -qiE "$DISMISS_PATTERNS"; then
+        SHOULD_DISMISS=true
+        REASON="title_pattern"
+    fi
+    
+    # Check releases with no notes
+    if [ "$TYPE" = "Release" ] && [ "$SHOULD_DISMISS" = "false" ]; then
+        RELEASE_BODY=$(gh api "$URL" --jq '.body // ""' 2>/dev/null || echo "")
+        if [ -z "$RELEASE_BODY" ] || [ "$RELEASE_BODY" = "null" ]; then
+            SHOULD_DISMISS=true
+            REASON="empty_release_notes"
+        fi
+    fi
+    
+    if [ "$SHOULD_DISMISS" = "true" ]; then
+        if [ "$DRY_RUN" = "true" ]; then
+            echo "Would dismiss: [$REPO] $TITLE ($REASON)" >&2
+        else
+            # Full dismiss: mark read + delete thread + delete subscription
+            gh api -X PATCH "/notifications/threads/$ID" 2>/dev/null || true
+            gh api -X DELETE "/notifications/threads/$ID" 2>/dev/null || true
+            gh api -X DELETE "/notifications/threads/$ID/subscription" 2>/dev/null || true
+            echo "Dismissed: [$REPO] $TITLE ($REASON)" >&2
+        fi
+        DISMISSED=$((DISMISSED + 1))
+    fi
+done
+
+echo "{\"dismissed\":$DISMISSED,\"checked\":$TOTAL}"

workspace/github-notifications/scripts/check.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+# GitHub Notifications Checker
+# Filters PRs and releases, tracks state, returns JSON summary
+
+set -e
+
+STATE_FILE="${STATE_FILE:-memory/github-check-state.json}"
+WORKSPACE="${WORKSPACE:-/home/node/.openclaw/workspace}"
+cd "$WORKSPACE"
+
+# Initialize state file if missing
+if [ ! -f "$STATE_FILE" ]; then
+    mkdir -p "$(dirname "$STATE_FILE")"
+    echo '{"lastCheck":"1970-01-01T00:00:00Z","seenPRs":[],"seenReleases":[]}' > "$STATE_FILE"
+fi
+
+# Load last check time
+LAST_CHECK=$(jq -r '.lastCheck' "$STATE_FILE")
+NOW=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+# Fetch notifications (PRs only)
+PR_DATA=$(gh api 'notifications?all=true&per_page=100' 2>&1)
+
+if [ $? -ne 0 ]; then
+    echo '{"error":"GitHub API failed","details":"'"${PR_DATA//\"/\\\"}"'"}' | jq .
+    exit 1
+fi
+
+# Filter PRs where user is mentioned or author
+FILTERED_PRS=$(echo "$PR_DATA" | jq -r '[
+  .[] | 
+  select(.subject.type == "PullRequest") |
+  select(.reason == "mention" or .reason == "author" or .reason == "review_requested") |
+  {
+    repo: .repository.full_name,
+    title: .subject.title,
+    url: .subject.url,
+    updated: .updated_at,
+    reason: .reason,
+    id: (.repository.full_name + "#" + .subject.title)
+  }
+]')
+
+# Filter releases
+RELEASE_DATA=$(echo "$PR_DATA" | jq -r '[
+  .[] |
+  select(.subject.type == "Release") |
+  {
+    repo: .repository.full_name,
+    title: .subject.title,
+    updated: .updated_at,
+    id: (.repository.full_name + "@" + .subject.title)
+  }
+]')
+
+# Filter major releases (v*.0.0) + ALL Mirrowel/LLM-API-Key-Proxy releases
+FILTERED_RELEASES=$(echo "$RELEASE_DATA" | jq -r '[
+  .[] |
+  select(
+    (.repo == "Mirrowel/LLM-API-Key-Proxy") or
+    (.title | test("^v[0-9]+\\.0\\.0"))
+  ) |
+  select(.title | test("(rc|pre|beta|alpha|nightly)") | not)
+]')
+
+# Load seen items
+SEEN_PRS=$(jq -r '.seenPRs // []' "$STATE_FILE")
+SEEN_RELEASES=$(jq -r '.seenReleases // []' "$STATE_FILE")
+
+# Find new items
+NEW_PRS=$(echo "$FILTERED_PRS" | jq --argjson seen "$SEEN_PRS" '[
+  .[] | select(.id as $id | $seen | index($id) | not)
+]')
+
+NEW_RELEASES=$(echo "$FILTERED_RELEASES" | jq --argjson seen "$SEEN_RELEASES" '[
+  .[] | select(.id as $id | $seen | index($id) | not)
+]')
+
+# Count new items
+NEW_PR_COUNT=$(echo "$NEW_PRS" | jq 'length')
+NEW_RELEASE_COUNT=$(echo "$NEW_RELEASES" | jq 'length')
+
+# Update state
+ALL_PR_IDS=$(echo "$FILTERED_PRS" | jq -r '[.[].id]')
+ALL_RELEASE_IDS=$(echo "$FILTERED_RELEASES" | jq -r '[.[].id]')
+
+jq -n \
+  --arg now "$NOW" \
+  --argjson prIds "$ALL_PR_IDS" \
+  --argjson relIds "$ALL_RELEASE_IDS" \
+  '{lastCheck:$now, seenPRs:$prIds, seenReleases:$relIds}' \
+  > "$STATE_FILE"
+
+# Output result
+if [ "$NEW_PR_COUNT" -eq 0 ] && [ "$NEW_RELEASE_COUNT" -eq 0 ]; then
+    echo '{"hasNew":false}'
+    exit 0
+fi
+
+# Return new items
+jq -n \
+  --argjson prs "$NEW_PRS" \
+  --argjson releases "$NEW_RELEASES" \
+  '{hasNew:true, newPRs:$prs, newReleases:$releases}'

workspace/github-notifications/scripts/cron-wrapper.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# Cron wrapper for GitHub notifications
+# 1. Auto-dismisses low-value notifications (nightlies, previews, empty releases)
+# 2. Checks remaining notifications and formats for human consumption
+
+set -e
+
+WORKSPACE="${WORKSPACE:-/home/node/.openclaw/workspace}"
+cd "$WORKSPACE"
+
+# First: auto-dismiss low-value notifications
+bash skills/github-notifications/scripts/auto-dismiss.sh >/dev/null 2>&1 || true
+
+# Then: run the checker
+RESULT=$(bash skills/github-notifications/scripts/check.sh)
+
+# Check for errors
+if echo "$RESULT" | jq -e '.error' > /dev/null 2>&1; then
+    ERROR_MSG=$(echo "$RESULT" | jq -r '.error')
+    ERROR_DETAILS=$(echo "$RESULT" | jq -r '.details')
+    echo "❌ **GitHub Check Failed**"
+    echo ""
+    echo "Error: $ERROR_MSG"
+    echo "\`\`\`"
+    echo "$ERROR_DETAILS" | head -20
+    echo "\`\`\`"
+    exit 0
+fi
+
+# Check if there's new activity
+HAS_NEW=$(echo "$RESULT" | jq -r '.hasNew')
+
+if [ "$HAS_NEW" != "true" ]; then
+    # Nothing new - stay completely silent (no output = no message)
+    exit 0
+fi
+
+# Format and output the summary
+echo "🔔 **GitHub Activity Update**"
+echo ""
+
+# Process PRs
+PR_COUNT=$(echo "$RESULT" | jq '.newPRs | length')
+if [ "$PR_COUNT" -gt 0 ]; then
+    echo "**Pull Requests ($PR_COUNT new):**"
+    echo "$RESULT" | jq -r '.newPRs[] | "- **\(.repo)** #\(.title)\n  Updated: \(.updated) | Reason: \(.reason)"'
+    echo ""
+fi
+
+# Process Releases
+RELEASE_COUNT=$(echo "$RESULT" | jq '.newReleases | length')
+if [ "$RELEASE_COUNT" -gt 0 ]; then
+    echo "**Releases ($RELEASE_COUNT new):**"
+    echo "$RESULT" | jq -r '.newReleases[] | "- **\(.repo)** `\(.title)`\n  Released: \(.updated)"'
+fi