feat: initial agent-builder plugin (v0.1.0)

Build complete autonomous agent systems with Claude Code.
7-phase guided workflow: map work, CLAUDE.md, agent team,
pipeline, security, deployment, test.

Components:
- commands/build.md: main guided workflow
- agents/builder.md: scaffolding agent
- skills/agent-system-design: architecture knowledge + 4 references
- scripts/templates: hooks, automation, launchd, systemd

Covers 22 OpenClaw capabilities across 4 deployment targets
(local, Mac Mini, VPS, Managed Agents).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/templates/pre-tool-use.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# PreToolUse hook: Block dangerous shell commands before execution.
+#
+# How it works:
+# - Claude Code calls this script BEFORE executing any Bash command
+# - If the script exits with code 2, the command is BLOCKED
+# - Exit 0 allows the command to proceed
+#
+# Customize: Add or remove patterns in the blocked_patterns array.
+# All patterns are matched case-insensitively against the full command.
+
+input=$(cat)
+tool_name=$(echo "$input" | python3 -c "import sys,json; print(json.load(sys.stdin).get('tool_name',''))" 2>/dev/null)
+command=$(echo "$input" | python3 -c "import sys,json; print(json.load(sys.stdin).get('tool_input',{}).get('command',''))" 2>/dev/null)
+
+# Only check Bash commands
+if [ "$tool_name" != "Bash" ]; then
+  exit 0
+fi
+
+# Blocked patterns -- customize this list for your use case
+blocked_patterns=(
+  "rm -rf /"
+  "rm -rf ~"
+  "rm -rf \$HOME"
+  "mkfs"
+  "dd if="
+  ":(){:|:&};:"
+  "chmod -R 777 /"
+  "curl.*|.*bash"
+  "wget.*|.*bash"
+  "curl.*|.*sh"
+  "wget.*|.*sh"
+  "> /dev/sda"
+  "sudo rm"
+  "shutdown"
+  "reboot"
+  "init 0"
+  "init 6"
+)
+
+for pattern in "${blocked_patterns[@]}"; do
+  if echo "$command" | grep -qi "$pattern"; then
+    echo '{"decision": "block", "reason": "Blocked by security hook: command matches dangerous pattern '"'$pattern'"'"}'
+    exit 2
+  fi
+done
+
+# Allow everything else
+exit 0