feat: improve moderation trust UX in CLI and UI

[ArthurzKV]

Summary

Improve moderation trust UX in ClawHub CLI and web UI, including local verification guardrails.

Why

Users need actionable, structured moderation context during inspect/install/update flows and on skill detail pages.

Focused scope

This PR is scoped to one theme: CLI/UI trust transparency + local verification UX.

What changed

• Added CLI inspect --moderation output with structured moderation details.
• Improved install/update warnings with reason/evidence context.
• Added local static scan verification against server reason codes in install/update paths.
• Added moderation reason/evidence rendering in Skill Detail UI.
• Updated security/spec docs.
• Follow-up fixes included:
  • added missing moderation inspect schema for standalone CLI branch
  • removed redundant nullish coalescing in verification path
  • aligned local scanner reason code naming (suspicious.nonstandard_network)

Local validation

• bun run lint:oxlint
• bunx vitest run packages/clawdhub/src/cli/commands/inspect.test.ts packages/clawdhub/src/cli/commands/skills.test.ts

AI assistance transparency

• AI-assisted: Yes (implemented with Codex assistance)
• Testing level: Targeted local validation on touched CLI paths
• I reviewed the final diffs and understand the behavior changes.

[vercel]

@ArthurzKV is attempting to deploy a commit to the Amantus Machina Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

_{8 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[ArthurzKV]

Addressed CLI branch follow-ups:

• fa87219: added moderation inspect response schema and extended skill moderation schema fields, fixing inspect --moderation schema path.
• simplified redundant nullish coalescing in local moderation verification.
• e715a2f: aligned local scanner reason code name to suspicious.nonstandard_network.

Validation run: lint + CLI inspect/skills tests.