diff --git a/BOOT.md b/BOOT.md
index fbf2e3d..ec7acc2 100644
--- a/BOOT.md
+++ b/BOOT.md
@@ -19,12 +19,16 @@ On gateway startup, run a silent security + readiness check for this workspace.
 
 ## Security checks
 
-4. Check internal hooks enabled state:
-   - `session-memory`
-   - `command-logger`
-   - `bootstrap-extra-files`
-   - `boot-md`
-   - if any are disabled/missing, record warning with exact hook name
+4. Check internal hooks enabled state (authoritative source: `openclaw hooks`):
+   - required hooks:
+     - `session-memory`
+     - `command-logger`
+     - `bootstrap-extra-files`
+     - `boot-md`
+     - `model-skill-injector`
+   - run `openclaw hooks` and treat `✓ ready` as installed+enabled
+   - if CLI/table parsing is ambiguous, mark `unknown` (do NOT report missing)
+   - only report warning when a required hook is clearly disabled/missing, with exact hook name
 5. Check permissions:
    - `~/.openclaw` should be `700`
    - credential files under `~/.openclaw/credentials/` should be `600`