From 25b73ef92b9f1c0c05103390a9cb591bce22d5ae Mon Sep 17 00:00:00 2001
From: David Abutbul <David.a@prompt.security>
Date: Mon, 16 Feb 2026 15:48:17 +0200
Subject: [PATCH] auto-claude: subtask-3-1 - Add --config flag to
 run_audit_and_format.sh

- Added --config flag to accept path to config file
- Added --help flag with usage documentation
- Config flag is passed to openclaw audit commands when provided
- Follows existing pattern for --label flag
---
 .../scripts/run_audit_and_format.sh           | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh b/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh
index ad91c43..0a7117f 100755
--- a/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh
+++ b/skills/openclaw-audit-watchdog/scripts/run_audit_and_format.sh
@@ -4,13 +4,31 @@ set -euo pipefail
 # Runs openclaw security audits and prints a formatted report to stdout.
 #
 # Usage:
-#   ./run_audit_and_format.sh [--label "custom label"]
+#   ./run_audit_and_format.sh [--label "custom label"] [--config <path>]
+
+show_help() {
+  cat <<EOF
+Usage: run_audit_and_format.sh [OPTIONS]
+
+Options:
+  --label <text>     Custom label for the report
+  --config <path>    Path to config file (e.g., allowlist.json)
+  --help             Show this help message
+
+EOF
+  exit 0
+}
 
 LABEL=""
+CONFIG=""
 while [[ $# -gt 0 ]]; do
   case "$1" in
     --label)
       LABEL="${2:-}"; shift 2 ;;
+    --config)
+      CONFIG="${2:-}"; shift 2 ;;
+    --help)
+      show_help ;;
     *)
       echo "Unknown arg: $1" >&2
       exit 2
@@ -35,14 +53,19 @@ run_audit() {
   local errfile
   errfile="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.err")"
 
+  local config_args=()
+  if [[ -n "$CONFIG" ]]; then
+    config_args=(--config "$CONFIG")
+  fi
+
   # kind is either: "audit" or "deep"
   if [[ "$kind" == "audit" ]]; then
-    if ! openclaw security audit --json >"$outfile" 2>"$errfile"; then
+    if ! openclaw security audit --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
       printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"audit failed: %s"}\n' \
         "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
     fi
   else
-    if ! openclaw security audit --deep --json >"$outfile" 2>"$errfile"; then
+    if ! openclaw security audit --deep --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
       printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"deep failed: %s"}\n' \
         "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
     fi