Add dangerous command blocking and cron agent scheduling

Dangerous command approval: run_command skill now checks commands
against 9 regex patterns (rm -rf /, dd, mkfs, fork bombs, shutdown,
device writes, etc.) and blocks execution with a clear message.
Defense-in-depth layer on top of VM isolation.

Cron agents: templates support schedule (5-field cron) and
schedule_timeout (seconds, default 300) fields. Overseer checks
every 60s, spawns {name}-cron agents on match, auto-destroys after
timeout. Inline cron parser supports *, ranges, lists, and steps.
No npm dependencies added.

skills/run_command/run.py

@@ -2,10 +2,36 @@
 import subprocess
 import sys
 import json
+import re
+
+DANGEROUS_PATTERNS = [
+    (re.compile(r'\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+)?-[a-zA-Z]*r[a-zA-Z]*\s+(/|~|\.)(\s|$)'), "recursive delete of critical path"),
+    (re.compile(r'\brm\s+(-[a-zA-Z]*r[a-zA-Z]*\s+)?-[a-zA-Z]*f[a-zA-Z]*\s+(/|~|\.)(\s|$)'), "recursive delete of critical path"),
+    (re.compile(r'\bdd\s+if='), "raw disk write (dd)"),
+    (re.compile(r'\bmkfs\b'), "filesystem format"),
+    (re.compile(r':\(\)\s*\{[^}]*:\s*\|\s*:'), "fork bomb"),
+    (re.compile(r'>\s*/dev/[sh]d[a-z]'), "device write"),
+    (re.compile(r'\bchmod\s+(-[a-zA-Z]*R[a-zA-Z]*\s+)?777\s+/(\s|$)'), "recursive chmod 777 on /"),
+    (re.compile(r'\b(shutdown|reboot|halt|poweroff)\b'), "system shutdown/reboot"),
+    (re.compile(r'\bkill\s+-9\s+(-1|1)\b'), "kill init or all processes"),
+]
+
+
+def check_dangerous(cmd):
+    for pattern, desc in DANGEROUS_PATTERNS:
+        if pattern.search(cmd):
+            return desc
+    return None
+
 
 args = json.loads(sys.stdin.read())
 command = args.get("command", "")
 
+blocked = check_dangerous(command)
+if blocked:
+    print(f'[blocked: command matches dangerous pattern "{blocked}". This command was not executed.]')
+    sys.exit(0)
+
 try:
     result = subprocess.run(
         ["bash", "-c", command],