Training Manager

- Added security.sh and write-file.sh scripts for improved file-write safety and prompt injection defense. - All workspace file writes during setup and onboarding now route through write-file.sh for prompt sanitization. - Updated setup flow to call write-file.sh instead of direct file writes for IDENTITY.md, USER.md, SOUL.md, AGENTS.md, TOOLS.md, and MEMORY.md. - Clarified instructions to never write workspace files directly; all writes are filtered. - No changes to user-facing commands or behaviors outside the improved onboarding file-safety measures.

- Added proactive workspace management and clean up for advanced users - Added new script: `scripts/analyze.sh` to the repository. - This addition may support future automation or analysis workflows within the training manager.

## 1.0.2 — Security Hardening ### Prompt Injection Defense (NEW) Content written by this skill lands in workspace files that become part of the agent's system prompt. This release adds two layers of protection against malicious content being injected into behavioral rules or generated skills. **Layer 1 — Agent-level screening (SKILL.md):** - New "Content Security" section in behavioral guidelines - Agent must screen all content before calling write scripts - Detects instruction override attempts, data exfiltration phrases, encoded commands, and behavioral rule masquerading - Suspicious content is shown to the operator for explicit confirmation before proceeding - Reinforces "translate, don't transcribe" policy — agent rephrases corrections into scoped directives rather than copying raw input verbatim **Layer 2 — Script-level filters (log-training.sh, generate-skill.sh):** - New `check_prompt_injection()` function in both scripts - Pattern-matches against 19 regex patterns covering: - Instruction overrides ("ignore previous instructions", "you are now", "disregard all rules", etc.) - Data exfiltration ("secretly send", "upload all files to", "exfiltrate", etc.) - Obfuscation (base64 encode/decode) - Suspicious outbound commands (curl POST, wget --post) - Hard reject with clear error message - Escape hatch: edit target files manually for legitimate content that triggers false positives ### Shell Injection Fixes (from 1.0.1) - All `echo` replaced with `printf '%s'` for variable interpolation - Backtick and `$()` command substitution blocked in all user-provided arguments - `requires_bins` and `requires_env` validated against character class whitelist - Consolidate `TARGET_FILE` restricted to whitelisted bootstrap filenames only - Path traversal (`/`, `\`, `..`) blocked in consolidate filename argument - Empty slug guard in generate-skill.sh ### Bug Fixes - Fixed `((var++))` causing silent script exit under `set -e` in validate.sh (all 6 instances) - Fixed consolidation awk pattern that leaked next section's heading into staging file - Fixed `/^## [^T]/` heading pattern that skipped headings starting with "T" (e.g. "## Tools") ### Interactive Onboarding (from 1.0.0) - New `setup` command with 5-phase conversational onboarding flow - Auto-detection: if 2+ core workspace files are missing, setup starts automatically - Translation table for converting conversational answers into proper agent directives - Post-setup validation runs automatically - Scaffold preserved as fallback for power users who prefer raw templates

openclaw-training-manager v0.1.1 - Initial release with core functionality for OpenClaw training workspace management. - Added scripts: export, generate-skill, log-training, scaffold, status, and validate for automation of common workspace tasks. - Supports interactive onboarding, skill generation, workspace scaffolding, training correction logging, and workspace validation. - Comprehensive documentation included in README.md.

Initial release with interactive workspace setup and management. - Adds conversational onboarding to create all core workspace files based on users' real answers (no placeholders). - Auto-detects missing setup and launches onboarding flow; falls back to scaffolding raw templates for advanced users. - Generates agent instructions, tone, and workspace config from operator input, previewing before writing. - Supports skills generation with prompts for required details and environment. - Logs training corrections and session memories, including immediate initial log after setup. - Validates workspace for correct structure after setup or changes.