feat: 实现循环防护和安全验证功能

refactor(loop_guard): 为LoopGuard添加Clone派生
feat(capabilities): 实现CapabilityManager.validate()安全验证
fix(agentStore): 添加token用量追踪
chore: 删除未实现的Predictor/Lead HAND.toml文件
style(Credits): 移除假数据并标注开发中状态
refactor(Skills): 动态加载技能卡片
perf(configStore): 为定时任务添加localStorage降级
docs: 更新功能文档和版本变更记录

crates/zclaw-kernel/src/capabilities.rs

@@ -1,7 +1,7 @@
 //! Capability manager
 
 use dashmap::DashMap;
-use zclaw_types::{AgentId, Capability, CapabilitySet, Result};
+use zclaw_types::{AgentId, Capability, CapabilitySet, Result, ZclawError};
 
 /// Manages capabilities for all agents
 pub struct CapabilityManager {
@@ -52,9 +52,31 @@ impl CapabilityManager {
             .unwrap_or(false)
     }
 
-    /// Validate capabilities don't exceed parent's
-    pub fn validate(&self, _capabilities: &[Capability]) -> Result<()> {
-        // TODO: Implement capability validation
+    /// Validate capabilities for dangerous combinations
+    ///
+    /// Checks that overly broad capabilities are not combined with
+    /// dangerous operations. Returns an error if an unsafe combination
+    /// is detected.
+    pub fn validate(&self, capabilities: &[Capability]) -> Result<()> {
+        let has_tool_all = capabilities.iter().any(|c| matches!(c, Capability::ToolAll));
+        let has_agent_kill = capabilities.iter().any(|c| matches!(c, Capability::AgentKill { .. }));
+        let has_shell_wildcard = capabilities.iter().any(|c| {
+            matches!(c, Capability::ShellExec { pattern } if pattern == "*")
+        });
+
+        // ToolAll + destructive operations is dangerous
+        if has_tool_all && has_agent_kill {
+            return Err(ZclawError::SecurityError(
+                "ToolAll 与 AgentKill 不能同时授予".to_string(),
+            ));
+        }
+
+        if has_tool_all && has_shell_wildcard {
+            return Err(ZclawError::SecurityError(
+                "ToolAll 与 ShellExec(\"*\") 不能同时授予".to_string(),
+            ));
+        }
+
         Ok(())
     }