docs: typography hygiene across 4 large pages

Replaced 152 typography characters (curly quotes, apostrophes, em/en
dashes, non-breaking hyphens) with ASCII equivalents so grep,
copy-paste, and Mintlify search hit clean tokens. Per docs/CLAUDE.md
heading and content hygiene rules.

- docs/gateway/security/index.md: 59 chars
- docs/plugins/hooks.md: 34 chars
- docs/reference/session-management-compaction.md: 30 chars
- docs/tools/clawhub.md: 29 chars

docs/tools/clawhub.md

@@ -29,7 +29,7 @@ Site: [clawhub.ai](https://clawhub.ai)
     ```
   </Step>
   <Step title="Use">
-    Start a new OpenClaw session — it picks up the new skill.
+    Start a new OpenClaw session - it picks up the new skill.
   </Step>
   <Step title="Publish (optional)">
     For registry-authenticated workflows (publish, sync, manage), install
@@ -152,7 +152,7 @@ shared, and gated, see [Skills](/tools/skills).
 
 ## Security and moderation
 
-ClawHub is open by default — anyone can upload skills, but a GitHub
+ClawHub is open by default - anyone can upload skills, but a GitHub
 account must be **at least one week old** to publish. This slows down
 abuse without blocking legitimate contributors.
 
@@ -221,9 +221,9 @@ publish/sync.
 
     Login options:
 
-    - `--token <token>` — paste an API token.
-    - `--label <label>` — label stored for browser login tokens (default: `CLI token`).
-    - `--no-browser` — do not open a browser (requires `--token`).
+    - `--token <token>` - paste an API token.
+    - `--label <label>` - label stored for browser login tokens (default: `CLI token`).
+    - `--no-browser` - do not open a browser (requires `--token`).
 
   </Accordion>
   <Accordion title="Search">
@@ -233,7 +233,7 @@ publish/sync.
 
     Searches skills. For plugin/package discovery, use `clawhub package explore`.
 
-    - `--limit <n>` — max results.
+    - `--limit <n>` - max results.
 
   </Accordion>
   <Accordion title="Browse / inspect plugins">
@@ -247,12 +247,12 @@ publish/sync.
 
     Options:
 
-    - `--family skill|code-plugin|bundle-plugin` — filter package family.
-    - `--official` — show only official packages.
-    - `--executes-code` — show only packages that execute code.
-    - `--version <version>` / `--tag <tag>` — inspect a specific package version.
-    - `--versions`, `--files`, `--file <path>` — inspect package history and files.
-    - `--json` — machine-readable output.
+    - `--family skill|code-plugin|bundle-plugin` - filter package family.
+    - `--official` - show only official packages.
+    - `--executes-code` - show only packages that execute code.
+    - `--version <version>` / `--tag <tag>` - inspect a specific package version.
+    - `--versions`, `--files`, `--file <path>` - inspect package history and files.
+    - `--json` - machine-readable output.
 
   </Accordion>
   <Accordion title="Install / update / list">
@@ -265,8 +265,8 @@ publish/sync.
 
     Options:
 
-    - `--version <version>` — install or update to a specific version (single slug only on `update`).
-    - `--force` — overwrite if the folder already exists, or when local files do not match any published version.
+    - `--version <version>` - install or update to a specific version (single slug only on `update`).
+    - `--force` - overwrite if the folder already exists, or when local files do not match any published version.
     - `clawhub list` reads `.clawhub/lock.json`.
 
   </Accordion>
@@ -277,11 +277,11 @@ publish/sync.
 
     Options:
 
-    - `--slug <slug>` — skill slug.
-    - `--name <name>` — display name.
-    - `--version <version>` — semver version.
-    - `--changelog <text>` — changelog text (can be empty).
-    - `--tags <tags>` — comma-separated tags (default: `latest`).
+    - `--slug <slug>` - skill slug.
+    - `--name <name>` - display name.
+    - `--version <version>` - semver version.
+    - `--changelog <text>` - changelog text (can be empty).
+    - `--tags <tags>` - comma-separated tags (default: `latest`).
 
   </Accordion>
   <Accordion title="Publish plugins">
@@ -294,9 +294,9 @@ publish/sync.
 
     Options:
 
-    - `--dry-run` — build the exact publish plan without uploading anything.
-    - `--json` — emit machine-readable output for CI.
-    - `--source-repo`, `--source-commit`, `--source-ref` — optional overrides when auto-detection is not enough.
+    - `--dry-run` - build the exact publish plan without uploading anything.
+    - `--json` - emit machine-readable output for CI.
+    - `--source-repo`, `--source-commit`, `--source-ref` - optional overrides when auto-detection is not enough.
 
   </Accordion>
   <Accordion title="Request rescans">
@@ -329,13 +329,13 @@ publish/sync.
 
     Options:
 
-    - `--root <dir...>` — extra scan roots.
-    - `--all` — upload everything without prompts.
-    - `--dry-run` — show what would be uploaded.
-    - `--bump <type>` — `patch|minor|major` for updates (default: `patch`).
-    - `--changelog <text>` — changelog for non-interactive updates.
-    - `--tags <tags>` — comma-separated tags (default: `latest`).
-    - `--concurrency <n>` — registry checks (default: `4`).
+    - `--root <dir...>` - extra scan roots.
+    - `--all` - upload everything without prompts.
+    - `--dry-run` - show what would be uploaded.
+    - `--bump <type>` - `patch|minor|major` for updates (default: `patch`).
+    - `--changelog <text>` - changelog for non-interactive updates.
+    - `--tags <tags>` - comma-separated tags (default: `latest`).
+    - `--concurrency <n>` - registry checks (default: `4`).
 
   </Accordion>
 </AccordionGroup>