fix: extract requires.env and homepage from top-level frontmatter

[MunemHashmi]

Summary

Fixes #522

• convex/lib/skills.ts: parseFrontmatterLevelDeclarations() now parses requires block (env, bins, anyBins, config) and primaryEnv from top-level SKILL.md frontmatter when no metadata.openclaw wrapper is present
• convex/llmEval.ts: evalCtx.homepage now falls back to clawdis.homepage and clawdis.links.homepage, so skills declaring homepage inside the metadata block are picked up by the security scanner
• convex/lib/skills.test.ts: Two new test cases covering the exact reproduction scenario from the issue

Root cause

When a skill declares requires.env at the top level of frontmatter (not nested under metadata.openclaw), parseClawdisMetadata delegates to parseFrontmatterLevelDeclarations. That fallback function handled envVars, dependencies, author, links, and homepage — but not requires. This meant parsed.clawdis.requires was always empty, so the security scanner showed "Required env vars: none" and flagged a metadata mismatch.

Test plan

• bun run test -- convex/lib/skills.test.ts — 30/30 pass (including 2 new tests)
• bun run lint — 0 warnings, 0 errors
• bun run build — successful

[vercel]

@MunemHashmi is attempting to deploy a commit to the Amantus Machina Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR successfully fixes issue #522 by enabling requires block (env, bins, anyBins, config) and primaryEnv parsing from top-level frontmatter when no metadata.openclaw wrapper is present. The implementation mirrors the existing clawdis block parsing logic for consistency and adds fallback logic for homepage in the security scanner.

Key Changes:

• parseFrontmatterLevelDeclarations() now parses requires block and primaryEnv from top-level frontmatter
• Security scanner (llmEval.ts) checks clawdis.homepage and clawdis.links.homepage as fallbacks
• Two comprehensive test cases validate the parsing behavior

Technical Quality:

• Implementation is consistent with existing code patterns
• Type-safe with proper validation
• Well-tested with clear test coverage
• Backward compatible - no breaking changes

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Score reflects focused changes that address a specific bug, consistent implementation patterns mirroring existing code, comprehensive test coverage with passing tests, and no breaking changes or security concerns identified
• No files require special attention

_{Last reviewed commit: bd57b10}