- Rollback plugin config on setup failure so a half-configured
notifier is never left enabled (non-transactional install fix)
- Use atomic temp+rename for health summary writes to prevent
corruption under concurrent notifications
- Scope credential injection to only when OpenClaw notifier is
configured, avoiding ambient secret exposure to unrelated projects
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>