AOI OpenClaw Security Toolkit (Core)

**Why**: Prevent “one bad commit” incidents (accidental file leakage + secret exposure) with a fast, local-only, fail-closed check. **When**: Before committing/pushing, before publishing a skill, and when reviewing scripts/skills for unexpected egress behavior. **How**: Run a single command to get PASS/WARN/BLOCK and an optional redaction-safe report. **Scope**: Detection + reporting only (no auto-fix, no uploads, no auto-posting). **Quickstart**: `openclaw-sec check --preset repo --diff staged`