feat(skill): add Claude Code skill for GoClaw CLI

[mrgoonie]

Summary

• Adds claude-skill/ — a Claude Code skill that lets Claude autonomously invoke the goclaw CLI to manage GoClaw AI agent gateway servers.
• 16 progressive-disclosure reference files cover 38 top-level command groups (agents, chat, teams, tools, memory, tenants, automations, etc.).
• install.sh with 3-mode permission selector (full wildcard / readonly-only / no-patch). Safe ~/.claude/settings.json merge via quoted Python3 heredoc with env-var injection. Abort on Windows, TTY probe for /dev/tty, idempotent re-runs.
• check-drift.sh validator: greps every flag mentioned in references and verifies it against cmd/*.go. Currently 0 drift across 68 unique flag mentions.
• Distribution: GitHub Releases tarball + SHA256. Release skill-v0.1.0 already published: https://github.com/nextlevelbuilder/goclaw-cli/releases/tag/skill-v0.1.0
• Root README.md gains a Claude Code Skill section with install snippet.

Why

GoClaw users want to drive the gateway from Claude Code without hand-typing goclaw commands. MCP server was considered and rejected (YAGNI — CLI is already the source of truth). Skill-only approach keeps version in sync with the CLI: bumping goclaw updates the reference surface automatically.

Hero use case

Claude picks up a user intent like "run uname -a on my goclaw server" and autonomously runs:

goclaw tools invoke exec --param command="uname -a" --output json

Server exec tool verified at goclaw/internal/tools/shell.go:114-128 — params: command (required), working_dir (optional). Approval gate handled server-side via ExecApprovalManager.

Safety posture

• Default install mode = 2 (readonly verbs — list, get, status, …) — SAFEST.
• Mode 1 (full wildcard) requires TTY confirmation — refused under curl | bash.
• Mode 3 (no-patch) — safest default when stdin is piped.
• SKILL.md instructs Claude to always append --output json, refuse streaming, and prompt user before destructive ops (delete, revoke, clear, unpublish, rotate).
• settings.json backed up with timestamp before every merge.
• Tarball protected by SHA256 verification in README install one-liner.

Files

• claude-skill/SKILL.md — thin index with frontmatter.
• claude-skill/references/*.md — 16 reference files, 2159 lines total.
• claude-skill/install.sh — 223-line production installer. shellcheck clean.
• claude-skill/check-drift.sh — flag-vs-source validator. 0 drift.
• claude-skill/LICENSE — MIT.
• claude-skill/README.md — user-facing install + usage docs.
• claude-skill/.verified-commands.txt — 38 top-level commands verified from binary.

Test matrix (automated)

Test	Result
shellcheck install.sh check-drift.sh	clean
./install.sh --help	usage printed
Mode 2 dry-run	30 readonly rules enumerated
Mode 3 dry-run	JSON snippet printed
Mode 2 real install × 2	idempotent (30 → 30 rules)
Piped no --mode	defaults to Mode 3
Piped --mode 1	refused with exit 1
check-drift.sh	0 drift across 68 flag mentions

Remaining (post-merge)

• 15-prompt manual smoke test in Claude Code (5 positive + 5 destructive + 4 negative + 1 streaming). Plan in plans/260417-1254-goclaw-claude-skill/phase-04-install-readme-test.md §Step 4.
• Tune SKILL.md description keywords after smoke test if over/under-triggering observed.

Test plan

• Install from release tarball on a clean ~/.claude/ — Mode 2 default
• Verify SHA256 matches before extract
• Re-run installer — confirm idempotent (no duplicated rules)
• Ask Claude "list agents on goclaw" — expect goclaw agents list --output json
• Ask Claude "run `uname -a` on goclaw server" — expect goclaw tools invoke exec --param command="uname -a"
• Ask Claude "delete agent xyz" — expect prompt before --yes
• Ask Claude "tail logs for goclaw" — expect streaming-refusal explanation