chore(workspace): add hardened startup/security workflows and skill suite

skills/homelab-service-health/SKILL.md

@@ -0,0 +1,43 @@
+---
+name: homelab-service-health
+description: Run lightweight read-only health checks for OpenClaw homelab services (runtime, Docker workloads, LAN endpoints, optional namespace-scoped Kubernetes checks). Use for status snapshots, outage triage, drift detection, and safe next-step remediation planning.
+---
+
+# Homelab Service Health
+
+## Priorities
+
+- Detect breakage fast.
+- Keep checks cheap for Raspberry Pi-class hardware.
+- Recommend low-risk remediations before heavy actions.
+
+## Default scope
+
+Unless user narrows scope, check in this order:
+
+1. OpenClaw runtime health/status.
+2. Docker services listed in `TOOLS.md` (for this workspace: searxng, whisper-server, brave-search MCP).
+3. Reachability of documented LAN endpoints.
+4. Optional Kubernetes checks scoped to intended namespace only.
+
+## Safety constraints
+
+- Read-only first; do not restart/change config without approval.
+- Avoid destructive or cluster-wide kubectl operations.
+- Prefer summary signals over full log dumps.
+
+## Workflow
+
+1. Load expected service inventory from `TOOLS.md`.
+2. Run quick status/reachability checks.
+3. Classify each component: healthy | degraded | down | unknown.
+4. Provide likely cause and smallest safe next step for failures.
+5. Offer opt-in remediation commands/actions.
+
+## Output contract
+
+- **Overall:** healthy | degraded | incident
+- **Healthy now:** short list
+- **Issues:** service -> symptom -> likely cause -> safe next step
+- **Recommended actions:** ordered low-risk first
+- **Escalate when:** explicit trigger for deeper investigation