v2026.2.17-beta.1

Pre-release

@github-actions released this 16 Feb 03:24 · 9 commits to main since this release

This beta tightens agent discovery and hardens leak-buy against shell-injection-style misuse.

What changed

  • Promo page + well-known discovery now point agents to install leak-buy (not leak):
    • well-known skill identity is now leak-buy
    • install command shown to agents is now clawhub install leak-buy
  • Legacy discovery endpoint /.well-known/leak now advertises leak-buy for compatibility with clients that still hit the old endpoint.
  • Removed stale promo/discovery references to legacy helper paths under skills/leak/scripts.
  • leak-buy hardening to reduce shell-injection risk:
    • validates promo/download URL (http(s) only; rejects whitespace/control characters)
    • validates buyer key file path (non-empty; rejects whitespace/control characters; rejects symlinks)
    • requires buyer key path to be an existing readable regular file
    • skill docs now require tokenized/quoted argv construction (no raw interpolation, no eval, no sh -c)
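
The hardening checks listed above, written out as POSIX shell functions. This is an added example, not the project's buy.sh; the function names and exit codes are assumptions.

```sh
# Added example: helper names and exit codes are hypothetical, not from leak-buy.

# Reject empty values and anything containing whitespace or control characters.
is_clean_token() {
  [ -n "$1" ] || return 1
  case $1 in
    *[[:space:][:cntrl:]]*) return 1 ;;
  esac
  return 0
}

# The URL must be a clean token with an http:// or https:// scheme.
validate_promo_url() {
  is_clean_token "$1" || return 1
  case $1 in
    http://?* | https://?*) return 0 ;;
  esac
  return 1
}

# The key path must be a clean token, not a symlink, and an existing
# readable regular file. -L is tested first because -f follows symlinks.
validate_key_file() {
  is_clean_token "$1" || return 1
  [ ! -L "$1" ] || return 1
  [ -f "$1" ] && [ -r "$1" ]
}

# Usage: run_buy <buy-script> <promo-url> <key-file>
# Fails fast on bad input, then passes each value as its own quoted argv
# element: no eval, no sh -c, no interpolation into a command string.
run_buy() {
  validate_promo_url "$2" || { echo "rejected promo URL" >&2; return 64; }
  validate_key_file "$3" || { echo "rejected key file path" >&2; return 65; }
  bash "$1" "$2" --buyer-private-key-file "$3"
}
```

The -L test covers only the final path component, and there is a window between the check and the use, so the directory holding the key file should not be writable by other users.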

Breaking / behavior notes

  • Well-known discovery is a hard switch:
    • active: /.well-known/skills/leak-buy/SKILL.md and /.well-known/skills/leak-buy/resource.json
    • legacy /.well-known/skills/leak/* paths are no longer served.
  • leak-buy now fails fast if the key file path does not exist or is not a regular readable file.

Upgrade / usage

  • Agents should install and use leak-buy:
    • clawhub install leak-buy
  • Recommended safe invocation pattern:
    • bash skills/leak-buy/scripts/buy.sh "$PROMO_URL" --buyer-private-key-file "$BUYER_KEY_FILE"

Clawhub publish order (recommended)

  1. leak-buy
  2. leak-publish
  3. leak (migration stub)

Full Changelog: v2026.2.17-beta.0...v2026.2.17-beta.1