Add 1claw skill — HSM-backed secrets for AI agents

[kmjones1979]

Summary

Adds the 1claw provider skill for 1Claw — HSM-backed secret management for autonomous agents, designed to complement Bankr (e.g. store bk_ API keys in the vault instead of chat context).

Files added

• 1claw/SKILL.md (425 lines) — Full skill with capabilities showcase, self-enrollment, stdio MCP setup, Bankr-specific examples, 35 MCP tools (categorized), transaction guardrails, OIDC federation, Shroud TEE section, security rules, troubleshooting
• 1claw/references/mcp-and-api.md (124 lines) — Auth flows (agent token exchange, OIDC federation), health checks, environment vars, Intents API endpoints, signing key management, packages
• 1claw/scripts/validate-setup.sh (86 lines) — Smoke test: health check + optional live token exchange when ONECLAW_AGENT_API_KEY is set
• README.md — Updated skills table with 1Claw row

Key capabilities showcased

• 35 MCP tools via npx -y @1claw/mcp (secrets CRUD, signing, transactions, treasury, platform, approvals, security)
• HSM envelope encryption — AES-256-GCM DEKs wrapped by Google Cloud KMS
• Multi-chain signing keys — Ethereum, Bitcoin, Solana, XRP, Cardano, Tron
• OIDC federation — 1claw as JWKS-published issuer for external service auth (Anthropic WIF, GCP/AWS STS)
• inspect_content free mode — prompt injection scanning without vault credentials
• MPC secret storage — Shamir 2-of-3 (GCP + AWS + Azure) or XOR 2-of-2 client custody
• Exfil protection — blocks secret re-emission in MCP outputs by default
• Transaction guardrails — per-agent chain/address allowlists, per-tx + daily caps
• Shroud TEE — inspected LLM traffic + confidential signing (AMD SEV-SNP)
• Platform API — bootstrap templates, user provisioning, plt_ keys
• Treasury multisig proposals — Safe threshold signing with auto-execute

Accuracy verification

• All 35 MCP tool names verified against packages/mcp/src/index.ts
• Auth flow (AgentTokenRequest, TokenResponse) verified against Rust DTOs
• Self-enrollment (EnrollAgentRequest fields: name, human_email?, description?) verified
• ONECLAW_LOCAL_ONLY → security-only mode verified in source
• getExfilProtectionMode() defaults to "block" verified in security/index.ts
• Federation endpoint (POST /v1/auth/federated-token) verified in handlers
• validate_signing_key_path restrictions verified
• Treasury wallet human-only restriction documented correctly

Bankr ecosystem integration

• Clear separation: bankr skill = trading/x402, 1claw skill = secrets/signing
• Bankr bk_ key storage example (put + retrieve pattern)
• Multiple service key storage example (alchemy, openai, env bundles)
• Guardrails complement Bankr's trading operations (limit spend, restrict chains)

Test plan

• ./1claw/scripts/validate-setup.sh — production GET https://api.1claw.xyz/v1/health → 200 + valid JSON
• Tool count (35) verified against source code
• All API claims cross-referenced with Rust handlers and DTOs
• Maintainer with ocv_ key: ONECLAW_AGENT_API_KEY=ocv_... ./1claw/scripts/validate-setup.sh — token exchange + vault list
• Install skill in a Bankr/OpenClaw agent and confirm MCP stdio config loads