GitHub torrentclaw org is shadow-banned; CI is hosted at git.torrentclaw.com
now. Move workflows into the runner's natively-watched .forgejo/workflows/
tree and adapt steps to run in the available 'docker'-labeled Forgejo runner
without GitHub-only tooling (gh CLI, third-party marketplace actions).
- Use container: image to ship the toolchain (no actions/setup-* needed).
- Drop GitHub-only marketplace actions in favour of upstream installers
invoked over curl/apt.
- Where a workflow created a GitHub Release (release.yml), substitute the
step with a curl call against the Forgejo Releases API
(POST /repos/<owner>/<repo>/releases).
Replace unsafe string interpolation in aria2 RPC JSON construction
with jq --arg for proper escaping. Add magnet URL format validation
to reject arbitrary input. Refactor detect-client.sh JSON output
to use jq. Add CI security check to prevent regression.
Resolves VirusTotal "Suspicious" classification caused by the
shell injection vulnerability in add-torrent.sh.
Agent Skill for searching and downloading torrents via TorrentClaw.
Includes SKILL.md with OpenClaw metadata, bash scripts for torrent
client detection, CONTRIBUTING.md, CHANGELOG.md, CI/CD with GitHub
Actions (shellcheck + conventional commits), lefthook git hooks,
Makefile, and .editorconfig.
