Title: Implement minimal core framework with PL injection and update build config

Key features implemented:
- Updated package metadata and dependencies in PKG-INFO, setup files
- Added main.py entry point for backward compatibility with README launch method
- Enhanced CLI with config options, system info command, and proper signal handling
- Implemented minimal PluginManager loading only plugin-loader core plugin
- Refactored PluginLoader to follow minimal core design, removed sandbox/isolation complexity
- Updated auto-dependency plugin with safer PL injection mechanism and disabled pl_injection
- Removed legacy plugin files (firewall, frp_proxy, ftp_server, multi_lang_deploy, ops_toolbox, security_gateway) as functionality moved to core plugin system
- Improved gitignore with comprehensive ignore patterns

The changes implement a minimal core framework design where only the plugin-loader is directly loaded by the core, with all other plugins managed through the PL injection mechanism, significantly simplifying the architecture.

store/@{FutureOSS}/code-reviewer/checks/security.py

@@ -0,0 +1,85 @@
+"""安全检查器"""
+
+
+class SecurityChecker:
+    """安全检查器"""
+
+    def check(self, filepath: str, content: str) -> list:
+        """执行安全检查"""
+        issues = []
+
+        # 检查硬编码密钥
+        issues.extend(self._check_secrets(filepath, content))
+
+        # 检查危险函数
+        issues.extend(self._check_dangerous_functions(filepath, content))
+
+        # 检查路径穿越
+        issues.extend(self._check_path_traversal(filepath, content))
+
+        return issues
+
+    def _check_secrets(self, filepath: str, content: str) -> list:
+        """检查硬编码密钥"""
+        issues = []
+        patterns = ['password', 'secret', 'token', 'api_key', 'access_token']
+
+        for i, line in enumerate(content.split('\n'), 1):
+            stripped = line.strip()
+            # 跳过注释和模式定义行
+            if stripped.startswith('#') or stripped.startswith('patterns') or "'" in stripped[:20]:
+                continue
+
+            for pattern in patterns:
+                if pattern + ' = "' in line.lower() or pattern + " = '" in line.lower():
+                    issues.append({
+                        "file": filepath,
+                        "line": i,
+                        "severity": "critical",
+                        "type": "hardcoded_secret",
+                        "message": f"发现硬编码密钥: {line.strip()[:50]}"
+                    })
+
+        return issues
+
+    def _check_dangerous_functions(self, filepath: str, content: str) -> list:
+        """检查危险函数"""
+        issues = []
+        dangerous = ['eval(', 'exec(', 'os.system(', 'subprocess.call(', 'subprocess.run(']
+
+        # 跳过检查安全检查器自身
+        if 'code-reviewer/checks/security.py' in filepath:
+            return []
+
+        for i, line in enumerate(content.split('\n'), 1):
+            # 跳过注释和模式定义行
+            stripped = line.strip()
+            if stripped.startswith('#') or 'dangerous' in stripped.lower() or "['" in stripped[:30]:
+                continue
+
+            for func in dangerous:
+                if func in line:
+                    issues.append({
+                        "file": filepath,
+                        "line": i,
+                        "severity": "warning",
+                        "type": "dangerous_function",
+                        "message": f"使用危险函数: {func.strip()}"
+                    })
+
+        return issues
+
+    def _check_path_traversal(self, filepath: str, content: str) -> list:
+        """检查路径穿越风险"""
+        issues = []
+
+        if '../' in content and 'open(' in content:
+            issues.append({
+                "file": filepath,
+                "line": 0,
+                "severity": "warning",
+                "type": "path_traversal_risk",
+                "message": "可能存在路径穿越漏洞"
+            })
+
+        return issues