The configure-ecc skill (English source) and ja-JP top-level README plus
its configure-ecc translation documented `cp -r .../<lang>/* <target>/rules/`
for installing rule directories. rules/README.md explicitly warns against
this form because:
- Common and language-specific directories contain same-named files
(coding-style.md, testing.md, patterns.md, hooks.md, security.md).
Flattening makes each language overwrite the previous and common.
- The relative `../common/<file>.md` references in language rule files
break when common/ is no longer a sibling directory.
This is silent — the user gets only the last language's rules with no
error message.
Replace with the directory-form copy already documented in
rules/README.md:
cp -r .../<lang> <target>/rules/<lang>
Scope: English source + ja-JP. Closes#1879. Other locale translations
(zh-CN, ko-KR, pt-BR, tr) carry the same pattern and can follow up as
separate PRs to keep this change reviewable.
- add a current Vietnamese onboarding README adapted from stale community PR #1322
- link Vietnamese from the existing localized README language selectors
- keep stale full translation content out of tree while preserving useful contributor work
Translate English prose inside plain text code blocks (```text, ```)
across ja-JP documentation to Japanese, following the same approach
as PR #753 (zh-CN translation).
Translated content includes:
- Output template labels and status messages
- Folder tree inline comments
- CLI workflow descriptions
- Error/warning message examples
- Commit message templates and PR title examples
Technical identifiers, file paths, and actual code remain untranslated.
When installed as a plugin, /plan triggers Claude Code's built-in plan
mode instead of the plugin's plan skill. Updated all 4 README files
(EN, zh-CN, zh-TW, ja-JP) to show the plugin-namespaced form with a
comment noting the shorter form works for manual installs.
Also fixes markdownlint MD012 violation in chief-of-staff.md (trailing
double blank line from #280 merge).
Fixes#297
New articles:
- the-security-guide.md: "The Shorthand Guide to Securing Your Agent" (595 lines)
Attack vectors, sandboxing, sanitization, OWASP Top 10, observability
- the-openclaw-guide.md: "The Hidden Danger of OpenClaw" (470 lines)
Security analysis of OpenClaw, MiniClaw thesis, industry evidence
External link sanitization (22 files across EN, zh-CN, zh-TW, ja-JP, .cursor):
- Removed third-party GitHub links from skills and guides
- Replaced with inline descriptions to prevent transitive prompt injection
- Kept official org links (Anthropic, Google, Supabase, Mixedbread)
New community skills: content-hash-cache-pattern, cost-aware-llm-pipeline,
regex-vs-llm-structured-text, swift-actor-persistence, swift-protocol-di-testing
