diff --git a/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh b/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh index ad91c43..0a7117f 100755 --- a/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh +++ b/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh @@ -4,13 +4,31 @@ set -euo pipefail # Runs openclaw security audits and prints a formatted report to stdout. # # Usage: -# ./run_audit_and_format.sh [--label "custom label"] +# ./run_audit_and_format.sh [--label "custom label"] [--config ] + +show_help() { + cat < Custom label for the report + --config Path to config file (e.g., allowlist.json) + --help Show this help message + +EOF + exit 0 +} LABEL="" +CONFIG="" while [[ $# -gt 0 ]]; do case "$1" in --label) LABEL="${2:-}"; shift 2 ;; + --config) + CONFIG="${2:-}"; shift 2 ;; + --help) + show_help ;; *) echo "Unknown arg: $1" >&2 exit 2 @@ -35,14 +53,19 @@ run_audit() { local errfile errfile="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.err")" + local config_args=() + if [[ -n "$CONFIG" ]]; then + config_args=(--config "$CONFIG") + fi + # kind is either: "audit" or "deep" if [[ "$kind" == "audit" ]]; then - if ! openclaw security audit --json >"$outfile" 2>"$errfile"; then + if ! openclaw security audit --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"audit failed: %s"}\n' \ "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile" fi else - if ! openclaw security audit --deep --json >"$outfile" 2>"$errfile"; then + if ! openclaw security audit --deep --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"deep failed: %s"}\n' \ "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile" fi
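Review bot: In the new `--config)` arm, `CONFIG="${2:-}"; shift 2` gives no diagnostic when the flag is passed last or with an empty value: under `set -euo pipefail` a failing `shift 2` ends the script with no message, and an empty value falls through to an audit run with no config at all. The help text describes this file as an allowlist, which presumably shapes what the audit reports, so a bad value should fail loudly rather than be ignored. A guard such as `[[ $# -ge 2 && -n "$2" ]] || { echo "--config requires a path" >&2; exit 2; }` before the assignment, plus a `[[ -r "$CONFIG" ]]` check after it, would do that. The existing `--label` arm has the same `shift 2` shape. It would also help if the formatted report named the config file in effect, though the formatting code is outside this hunk.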
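Review bot: `"${config_args[@]}"` is expanded while the array is empty whenever `--config` is not given, and with `set -u` active (the script sets `set -euo pipefail`) bash releases before 4.4 treat that as an unbound variable and abort. The default invocation would then stop before any audit runs on, for example, the bash 3.2 that macOS ships. The guarded form `${config_args[@]+"${config_args[@]}"}` in both `openclaw security audit` calls is safe on every bash version. Separately, the failure branch interpolates stderr into a JSON string with `printf` and no escaping; now that a user-supplied path can appear in that stderr, a `"` or `\` in it would likely yield invalid JSON for whatever reads `$outfile`. `run_audit` begins before and ends after this hunk, so the rest of its body was not reviewed.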