gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-24 02:41:20 +03:00
Code Issues Packages Projects Releases Wiki Activity

auto-claude: subtask-3-1 - Add --config flag to run_audit_and_format.sh

Browse Source 
- Added --config flag to accept path to config file
- Added --help flag with usage documentation
- Config flag is passed to openclaw audit commands when provided
- Follows existing pattern for --label flag
This commit is contained in:
David Abutbul
2026-02-16 15:48:17 +02:00
parent 17c0af8d9b
commit 25b73ef92b
1 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh
+26 -3
View File
@@ -4,13 +4,31 @@ set -euo pipefail
# Runs openclaw security audits and prints a formatted report to stdout.
#
# Usage:
# ./run_audit_and_format.sh [--label "custom label"]
# ./run_audit_and_format.sh [--label "custom label"] [--config <path>]
show_help() {
cat <<EOF
Usage: run_audit_and_format.sh [OPTIONS]
Options:
--label <text> Custom label for the report
--config <path> Path to config file (e.g., allowlist.json)
--help Show this help message
EOF
exit 0
}
LABEL=""
CONFIG=""
while [[ $# -gt 0 ]]; do
case "$1" in
--label)
LABEL="${2:-}"; shift 2 ;;
--config)
CONFIG="${2:-}"; shift 2 ;;
--help)
show_help ;;
*)
echo "Unknown arg: $1" >&2
exit 2
@@ -35,14 +53,19 @@ run_audit() {
local errfile
errfile="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.err")"
local config_args=()
if [[ -n "$CONFIG" ]]; then
config_args=(--config "$CONFIG")
fi
# kind is either: "audit" or "deep"
if [[ "$kind" == "audit" ]]; then
if ! openclaw security audit --json >"$outfile" 2>"$errfile"; then
if ! openclaw security audit --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"audit failed: %s"}\n' \
"$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
fi
else
if ! openclaw security audit --deep --json >"$outfile" 2>"$errfile"; then
if ! openclaw security audit --deep --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"deep failed: %s"}\n' \
"$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
fi