#8876: Confirmaciones para equipo de IT

<!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR appears to add internal/IT onboarding and debugging aids, and expands node capabilities/commands: - CLI/node host: adds `--caps`/`--commands` flags and changes the node’s default advertised capabilities/commands to include camera/screen/location and wildcard command scopes. - Gateway policy: expands Windows defaults and relaxes `declaredCommands` enforcement with a “temporary bypass.” - Gateway WS handler: adds localhost `fetch()` debug telemetry calls in the hot path. - Repo artifacts: adds a Cursor debug log, a script containing an embedded gateway token, a DigiKeyboard keystroke-injection sketch, and a git submodule pointer. Several of these changes (debug telemetry, embedded token, keystroke-injection tooling, and bypassed command enforcement) look like accidental/unsafe additions to the main codebase rather than production-ready features. <h3>Confidence Score: 1/5</h3> - This PR is not safe to merge as-is due to committed secrets, debug hooks, and security-policy relaxations. - Score is low because the changes include (1) an embedded auth token in a script, (2) unconditional debug `fetch()` calls in the gateway message handler, (3) command-policy enforcement bypasses, and (4) adding keystroke-injection tooling and debug logs into the repo. These are high-impact issues likely to be fixed before merge. - agente.txt, src/gateway/server/ws-connection/message-handler.ts, src/gateway/node-command-policy.ts, src/node-host/runner.ts, openclaw_ducky/openclaw_ducky.ino, .cursor/debug.log <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->