PR #69489: fix(skills): add WHEN + trigger phrases to 4 skill descriptions

• Repository: openclaw/openclaw
• Author: hclsys
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/69489

Description (problem / solution / changelog)

Problem

Per the Anthropic skill spec (which the OpenClaw skill router follows), every `description` field must include both what the skill does and when to use it (trigger conditions). Without WHEN, routing silently under-selects the skill.

Reporter @pescaohq-web audited 12 OpenClaw-distributed skills in #69475 and flagged 4 HIGH findings:

1. `skills/gog` — Google Workspace CLI
2. `skills/session-logs` — jq over prior sessions
3. `extensions/memory-wiki/skills/obsidian-vault-maintainer`
4. `extensions/memory-wiki/skills/wiki-maintainer`

Fix

Added `Use when (1)…(2)…` + concrete trigger phrases to each, matching the pattern already used by `skills/coding-agent` and `skills/github` (which both pass the audit). Pure frontmatter text change.

Scope

This PR is intentionally tight to the 4 HIGH items so it can land quickly. The issue's MEDIUM finding (`skills/gh-issues` exceeds the 5000-word cap) is a refactor into a `references/` subdir and better scoped as a separate change.

Pre-implement audit

• A (existing helper): Pattern already exists in `coding-agent` and `github` — reused.
• B (shared callers): Frontmatter is routing input, not imported code — no caller-contract surface.
• C (broader rival): `gh pr list --search "69475"` returned zero rivals.

Partially addresses #69475 (HIGH items only; MEDIUM gh-issues size-cap left for a separate PR).

Changed files

• extensions/memory-wiki/skills/obsidian-vault-maintainer/SKILL.md (modified, +1/-1)
• extensions/memory-wiki/skills/wiki-maintainer/SKILL.md (modified, +1/-1)
• skills/gog/SKILL.md (modified, +1/-1)
• skills/session-logs/SKILL.md (modified, +1/-1)

PR #69529: fix: prevent defaultAccountId leak in cross-provider message sends

• Repository: openclaw/openclaw
• Author: hszhsz
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/69529

Description (problem / solution / changelog)

Summary

Two bug fixes bundled in this PR:

Fix 1: #69525 — Cross-provider message send leaks source session accountId to target channel

When sending messages across providers (e.g. Telegram → Feishu) with allowAcrossProviders: true, the source session's defaultAccountId was incorrectly propagated to the target channel plugin, which has no account registered under that name.

File: src/infra/outbound/message-action-runner.ts

const explicitlyProvidedAccountId = readStringParam(params, "accountId");
const allowAcrossProviders = cfg.tools?.message?.crossContext?.allowAcrossProviders === true;
const isCrossProvider = Boolean(
  allowAcrossProviders &&
    input.toolContext?.currentChannelProvider &&
    input.toolContext.currentChannelProvider !== channel,
);
let accountId = explicitlyProvidedAccountId ?? (isCrossProvider ? undefined : input.defaultAccountId);

Fix 2: #69482 — Telegram "Allow always" source field rejected by gateway

Telegram "Allow always" approval handler writes source: "allow-always", but the gateway schema for exec.approvals.set didn't include this field, causing openclaw approvals set --gateway to reject entries with unexpected property 'source'.

File: src/gateway/protocol/schema/exec-approvals.ts

Added source: Type.Optional(Type.String()) to ExecApprovalsAllowlistEntrySchema.

Also included: #69475 (partial) — Skill description fixes

Updated SKILL.md description fields for gog and session-logs to include Use when: trigger conditions per the Anthropic skill spec.

Files: skills/gog/SKILL.md, skills/session-logs/SKILL.md

Changed files

• skills/gog/SKILL.md (modified, +1/-1)
• skills/session-logs/SKILL.md (modified, +1/-1)
• src/gateway/protocol/schema/exec-approvals.ts (modified, +3/-0)
• src/infra/outbound/message-action-runner.test.ts (modified, +66/-0)
• src/infra/outbound/message-action-runner.ts (modified, +13/-1)