fix(import): support cross-user OpenClaw sources + post-import path check

[JD2005L]

What

Addresses item 11 of #4: /agent:import only looks for source workspaces under ~/.openclaw, which fails when the user ran OpenClaw as one account (typically root) and now runs ClawCode as a non-root service user (typically claude inside an LXC or similar). A related half of the same problem is that Claude Code's own config files (settings.json, installed_plugins.json) keep absolute paths written at install time — so switching the runtime user leaves those paths dangling with silent "unknown skill" failures downstream.

Two changes, both in skills/import/SKILL.md:

1. Workspace discovery across plausible source roots

The old step was:

ls -d ~/.openclaw/workspace* 2>/dev/null

Replaced with a loop over every readable root we know about:

for root in \
  "${CLAWCODE_OPENCLAW_ROOT:-}" \
  "$HOME/.openclaw" \
  "/root/.openclaw"; do
  [[ -z "$root" ]] && continue
  [[ -r "$root" ]] || continue
  ls -d "$root"/workspace* 2>/dev/null
done | sort -u

• CLAWCODE_OPENCLAW_ROOT lets the user point at a mounted volume / non-standard location explicitly.
• $HOME/.openclaw is the existing default.
• /root/.openclaw is picked up when the current user happens to be able to read it (common in Docker/LXC setups where the container runs as a non-root user but can still read /root).

If the loop returns nothing, the skill now asks for an absolute path rather than silently falling back. The subsequent "determine source path" step uses the absolute path from the chosen workspace directly — no re-expanding ~ from an agent-id, which was the root of the cross-user bug.

2. New Step G — "Path sanity check"

After the import copies + skills/crons/messaging work, scan these config files for absolute paths that don't live under $HOME (excluding system dirs):

• ~/.claude/settings.json
• ~/.claude/installed_plugins.json
• ./agent-config.json

For every hit, print a fix-ready sed command the user can run. Example output:

⚠️ ~/.claude/installed_plugins.json references /root/.claude/plugins/...
   but this agent runs as claude ($HOME = /home/claude). Skills from those
   plugins will fail with "unknown skill". Fix with:

   sed -i "s|/root/.claude|$HOME/.claude|g" ~/.claude/installed_plugins.json

ClawCode does not own settings.json / installed_plugins.json, so the step explicitly does not auto-patch. Detect-and-warn only; the user decides whether to apply.

Why a skill-doc change, not code

The import flow is driven by the agent reading the SKILL.md procedure, so this is the code. No TS changes, no new binary paths, no generator changes. The existing Step G (Reload) is renumbered to Step H.

Not addressed

• Item 11 also called out that installed_plugins.json can be invalid after a user switch. This PR surfaces it with a fix command but doesn't auto-repair. Auto-repairing Claude Code's own config from a ClawCode skill felt out of scope — happy to follow up with a separate PR if you'd prefer we take that step too.

Test plan

• Fresh import on a system with only $HOME/.openclaw/workspace* — discovers workspaces as before, no behavior change
• Import on a system where OpenClaw lives only in /root/.openclaw/ but the runtime user has read access — discovers workspaces that used to be invisible
• CLAWCODE_OPENCLAW_ROOT=/mnt/backup/openclaw — loop picks up that root first
• /root/.openclaw exists but is not readable — loop quietly skips it (no permission denied spam)
• Step G flags a seeded "/root/.claude/plugins/foo" entry in installed_plugins.json with the correct sed suggestion
• Step G prints the all-clear line when no stale paths exist

🤖 Generated with Claude Code