feat(ci): add updating skill and weekly-update workflow

- Add updating skill for coordinating npm and checksum updates
- Add updating-checksums skill for SHA-256 verification
- Add weekly-update.yml workflow for automated dependency updates
- Fix .gitignore to allow .claude/skills/ and .claude/commands/

Author: jdalton

.claude/commands/quality-loop.md

@@ -0,0 +1,55 @@
+# quality-loop
+
+Run comprehensive quality scan and automatic issue fixing loop for socket-cli.
+
+## What it does
+
+Executes an iterative quality improvement cycle:
+
+1. Updates dependencies
+2. Cleans up repository (removes junk files)
+3. Validates code structure
+4. Runs specialized quality scans
+5. Fixes ALL issues found
+6. Commits fixes
+7. Repeats until zero issues or 5 iterations
+
+## Usage
+
+```bash
+/quality-loop
+```
+
+## Scan types
+
+- **critical** - Crashes, security, data corruption, auth handling
+- **logic** - Algorithm errors, edge cases, validation bugs
+- **cache** - Config/token caching correctness
+- **workflow** - Build scripts, CI/CD, cross-platform compatibility
+- **security** - GitHub Actions security, credential handling
+- **documentation** - Command examples, flag accuracy, API docs
+
+## Process
+
+The skill will:
+- Ask which scans to run (default: all)
+- Run dependency updates
+- Clean junk files with confirmation
+- Execute selected scans sequentially
+- Aggregate and deduplicate findings
+- Fix issues and commit changes
+- Repeat until clean or max iterations
+
+## Exit conditions
+
+- ✅ Success: Zero issues found
+- ⏹️ Stop: After 5 iterations (prevent infinite loops)
+
+## Notes
+
+- Commits fixes with proper git messages
+- Skips no issues (fixes architectural problems too)
+- Runs tests after each iteration
+- Reports progress and statistics
+
+Use this command to maintain high code quality standards across socket-cli.

.claude/commands/sync-checksums.md

@@ -0,0 +1,38 @@
+Sync SHA-256 checksums from GitHub releases to external-tools.json using the syncing-checksums skill.
+
+## What it does
+
+1. Fetches checksums.txt from GitHub releases (or computes from assets)
+2. Updates packages/cli/external-tools.json
+3. Validates JSON syntax
+4. Commits changes (if any)
+
+## Tools synced
+
+Only `github-release` type tools are synced:
+
+- opengrep - OpenGrep SAST/code analysis engine
+- python - Python runtime from python-build-standalone
+- socket-patch - Socket Patch CLI (Rust binary)
+- sfw - Socket Firewall
+- trivy - Container vulnerability scanner
+- trufflehog - Secret detection
+
+## Usage
+
+```bash
+/sync-checksums
+```
+
+## Manual commands
+
+```bash
+# Sync all GitHub release tools
+node packages/cli/scripts/sync-checksums.mjs
+
+# Sync specific tool
+node packages/cli/scripts/sync-checksums.mjs --tool=opengrep
+
+# Dry run
+node packages/cli/scripts/sync-checksums.mjs --dry-run
+```