
feat(sec-core): update skill ledger security interactions#529

Open
1570005763 wants to merge 1 commit into alibaba:main from 1570005763:codex/skill-ledger-interaction

Conversation

Collaborator

@1570005763 1570005763 commented May 14, 2026

Description

Update skill-ledger interactions so non-pass hook states use the new confirmation policy and skill-ledger guidance presents a clearer quick-scan / deep-scan workflow. Cosh and OpenClaw now require confirmation for unscanned, drifted, denied, and tampered skills while keeping warn/error/unknown states fail-open with warnings.

The skill-ledger Skill instructions now define a single report format shared by status checks, quick scans, deep scans, and post-install certification. Agent-assisted skill installs automatically run quick certification after a successful install, while explicit deep-scan requests go directly through the deep scan path after environment checks.

Related Issue

no-issue: user-requested skill ledger interaction update

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • tokenless (tokenless)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

cd src/agent-sec-core && make python-code-pretty
cd src/agent-sec-core && uv run --project agent-sec-cli ruff check --config agent-sec-cli/pyproject.toml cosh-extension/hooks/skill_ledger_hook.py tests/unit-test/cosh_hooks/test_skill_ledger_hook.py
cd src/agent-sec-core/agent-sec-cli && uv run pytest ../tests/unit-test/cosh_hooks/test_skill_ledger_hook.py
cd src/agent-sec-core/agent-sec-cli && .venv/bin/python -m pytest ../tests/integration-test/skill-ledger/test_skill_ledger_integration.py -k "list_scanners or certify_no_findings_auto_invoke or certify_static_scanner_detects_dangerous_script or certify_auto_invoke_skill_code_scanner_warn or certify_merges_skill_vetter_and_skill_code_scanner"
cd src/agent-sec-core && PATH="$(pwd)/agent-sec-cli/.venv/bin:$PATH" python3 tests/e2e/skill-ledger/e2e_test.py
cd src/agent-sec-core/openclaw-plugin && npm run build
cd src/agent-sec-core/openclaw-plugin && npm test -- --test-reporter=spec
git diff --check

Additional Notes

Rust checks were not run because this change does not touch Rust code.

@github-actions github-actions Bot added component:sec-core src/agent-sec-core/ scope:documentation ./docs/|./*.md|./NOTICE labels May 14, 2026
@1570005763 1570005763 force-pushed the codex/skill-ledger-interaction branch from cfe191e to 70a9fdb May 14, 2026 10:23


def _ask_with_reason(reason: str) -> str:
    """Return an ask decision with a confirmation reason for display."""
Collaborator


This is a behaviour change; please confirm whether the docs need a corresponding update, e.g. the copilot-shell quickstart.

)

if status in _ASK_STATUSES:
    return _ask_with_reason(reason)
Collaborator


The new flow requires user confirmation:

  • When agent-sec-cli skill-ledger certify --all is driven by an agent: any Skill in the none state triggers an ask at the hook layer, blocking the batch flow;
  • Installing a Skill for the first time (its status is necessarily none): every newly installed Skill goes through an ask the first time it is read;

Suggestions:

  1. Define an explicit non-interactive degradation policy, e.g. "when the host cannot provide a confirmation capability, degrade to allow+reason". On the cosh side, check whether the settings can be read to see if interactive prompts are enabled; on the openclaw side, check whether the requireApproval contract allows a default deny/allow when the host has no UI.
  2. At minimum, state clearly in the docs that agent-driven batch scenarios with Skills in the none state must run certify --all up front and then read only certified Skills; otherwise a large number of confirmations will be triggered.
  3. Add an e2e or integration test case covering the behaviour for "non-pass status but the host does not respond to the ask".
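The confirmation policy from the PR description (ask for unscanned, drifted, denied and tampered; fail open with a warning for warn, error and unknown) and the reviewer's concern about "none" skills in agent-driven batch runs, modelled together as an added example. This is not the PR's hook code: the status strings other than "pass", the "none" alias, the Decision shape, the host_can_prompt degradation flag and the sample ledger are all assumptions constructed here.

```python
# Added example, not the PR's own skill_ledger_hook.py: a hook decision
# policy modelled on the PR description and the review comment above.
# Assumptions: status vocabulary other than "pass", the Decision shape,
# the "none" -> "unscanned" alias and the host_can_prompt flag.
from dataclasses import dataclass
from typing import Dict, Optional

# Statuses that must block until a human confirms (PR description).
ASK_STATUSES = frozenset({"unscanned", "drifted", "denied", "tampered"})
# Statuses that fail open: the skill is allowed but a warning is attached.
WARN_STATUSES = frozenset({"warn", "error", "unknown"})
# Review comment: a freshly installed skill has ledger status "none";
# treated here as "unscanned" (assumption about the ledger vocabulary).
STATUS_ALIASES = {"none": "unscanned"}


@dataclass(frozen=True)
class Decision:
    action: str                   # "allow" or "ask"
    reason: Optional[str] = None  # surfaced to the user/agent when present


def decide(skill: str, status: str, host_can_prompt: bool = True) -> Decision:
    """Map one skill's ledger status to a hook decision.

    host_can_prompt models the reviewer's suggested degradation: when the
    host has no confirmation UI an ask can never be answered, so the hook
    fails open with the reason attached instead of blocking (assumption).
    """
    status = STATUS_ALIASES.get(status, status)
    if status == "pass":
        return Decision("allow")
    if status in ASK_STATUSES:
        reason = f"skill {skill!r} has ledger status {status!r}; confirm before use"
        if not host_can_prompt:
            return Decision("allow", reason + " (host cannot prompt; fail-open with warning)")
        return Decision("ask", reason)
    if status in WARN_STATUSES:
        return Decision("allow", f"skill {skill!r} has ledger status {status!r}; proceeding with warning")
    # A status the ledger vocabulary does not define is handled conservatively.
    return Decision("ask", f"skill {skill!r} has unrecognised ledger status {status!r}")


def summarize_batch(ledger: Dict[str, str], host_can_prompt: bool = True) -> Dict[str, int]:
    """Count how many asks an agent-driven pass over the whole ledger raises.

    This puts the reviewer's concern in numbers: every "none" skill costs one
    confirmation unless certify --all ran first or the host cannot prompt.
    """
    counts = {"allow": 0, "ask": 0}
    for skill, status in ledger.items():
        counts[decide(skill, status, host_can_prompt).action] += 1
    return counts


# Constructed sample ledger (not real scan results).
SAMPLE_LEDGER = {
    "git-helper": "pass",
    "fresh-install": "none",
    "pdf-reader": "warn",
    "deploy-tool": "drifted",
    "vendored-cli": "tampered",
}

if __name__ == "__main__":
    for name, status in SAMPLE_LEDGER.items():
        print(name, decide(name, status))
    print("interactive host:", summarize_batch(SAMPLE_LEDGER))
    print("headless host:", summarize_batch(SAMPLE_LEDGER, host_can_prompt=False))
```

Running the block shows three asks out of five skills on an interactive host and none on a headless one, which is the trade-off the review raises: the degradation keeps batch runs from blocking, but it also means a tampered skill is reported rather than stopped, so the reason string must reach whoever reads the output.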


Labels

component:sec-core src/agent-sec-core/ scope:documentation ./docs/|./*.md|./NOTICE


2 participants