fix: resolve 7 identified issues [automated]

[Sldark23]

This automated PR resolves 7 open issues prioritized across bugs, cross-platform compatibility, and security hardening.

Resolved issues

1. [Bug]: Background process updates can leak into the wrong Slack thread #18101 — Background process updates leaking into wrong Slack thread

   • Fix: keep background process update routing pinned to the originating Slack thread context.
   • Files: gateway/run.py

2. [Bug]: [Email] IMAP fetch error: 'int' object has no attribute 'decode' #18106 — Email IMAP fetch error: 'int' object has no attribute 'decode'

   • Fix: normalize and guard IMAP fetch/decode handling to avoid invalid decode calls on integer fields.
   • Files: gateway/platforms/email.py

3. openclaw migration: 3 issues (whatsapp config dropped, --overwrite appends providers, stale gateway PID) #18097 — OpenClaw migration drops WhatsApp config keys

   • Fix: map/migrate WhatsApp settings (enabled, dmPolicy, groupPolicy, sendReadReceipts, ackReaction) into Hermes config during migration.
   • Files: optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py

4. tools/approval.py: Add reverse shell, download-execute, and credential read patterns to DANGEROUS_PATTERNS #17873 — Security hardening in dangerous command detection

   • Fix: add patterns for reverse shell signatures, download-then-execute flows, sensitive credential reads, stdin sudo password usage, and curl upload exfiltration indicators.
   • Files: tools/approval.py

5. Profile creation accepts reserved names like 'main' (re-introduces #12099 in a corner case) #17879 — Reserved profile name gap (main) can reintroduce namespace collisions

   • Fix: include main in reserved profile names and enforce reserved-name check in profile creation.
   • Files: hermes_cli/profiles.py

6. skill_view resolves by directory name but skills_list displays frontmatter name — mismatch causes 'not found' #17914 — skill_view mismatch with frontmatter name

   • Fix: allow skill_view resolution by frontmatter name in addition to directory name, matching skills_list output.
   • Files: tools/skills_tool.py

7. Auxiliary tasks don't inherit provider-level base_url/api_key from config #17737 — Auxiliary tasks not inheriting provider-level base_url/api_key

   • Fix: inherit providers.<name> credentials when auxiliary.<task>.provider is set without explicit task-level overrides.
   • Files: agent/auxiliary_client.py

Commits

• fix: route background process updates to original Slack thread ([Bug]: Background process updates can leak into the wrong Slack thread #18101)
• fix: resolve IMAP fetch error: 'int' object has no attribute 'decode' ([Bug]: [Email] IMAP fetch error: 'int' object has no attribute 'decode' #18106)
• fix(migration): preserve WhatsApp config keys during OpenClaw migration (openclaw migration: 3 issues (whatsapp config dropped, --overwrite appends providers, stale gateway PID) #18097)
• fix(security): expand dangerous command detection patterns (tools/approval.py: Add reverse shell, download-execute, and credential read patterns to DANGEROUS_PATTERNS #17873)
• fix(profile): block reserved profile names including main (Profile creation accepts reserved names like 'main' (re-introduces #12099 in a corner case) #17879)
• fix(skills): allow skill_view lookup by frontmatter name (skill_view resolves by directory name but skills_list displays frontmatter name — mismatch causes 'not found' #17914)
• fix(auxiliary): inherit provider base_url/api_key for task providers (Auxiliary tasks don't inherit provider-level base_url/api_key from config #17737)