auto-claude: subtask-5-1 - Update README.md with suppression feature

David Abutbul
2026-02-16 15:58:48 +02:00
parent 73c81edb92
commit 8c7ccc2ea2
+78
@@ -37,6 +37,84 @@ export PROMPTSEC_HOST_LABEL="prod-agent-1"
| `PROMPTSEC_EMAIL_TO` | Email recipient for reports | `target@example.com` |
| `PROMPTSEC_HOST_LABEL` | Host identifier in reports | hostname |
| `PROMPTSEC_GIT_PULL` | Pull latest before audit (0/1) | `0` |
| `OPENCLAW_AUDIT_CONFIG` | Path to suppression config file | Auto-detected |
## Suppression Configuration
Manage false-positive findings with the built-in suppression mechanism. Suppressed findings remain visible in reports but don't count toward critical/warning totals.
### Config File Location
The audit scanner checks these locations (in priority order):
1. `--config` flag argument
2. `OPENCLAW_AUDIT_CONFIG` environment variable
3. `~/.openclaw/security-audit.json` (primary)
4. `.clawsec/allowlist.json` (fallback)
### Example Configuration
```json
{
"suppressions": [
{
"checkId": "skills.code_safety",
"skill": "clawsec-suite",
"reason": "First-party security tooling, reviewed 2026-02-13",
"suppressedAt": "2026-02-13"
},
{
"checkId": "skills.permissions",
"skill": "my-internal-tool",
"reason": "Broad permissions required for legitimate functionality",
"suppressedAt": "2026-02-16"
}
]
}
```
### Required Fields
- **checkId**: Security check identifier (e.g., `skills.code_safety`)
- **skill**: Exact skill name to suppress
- **reason**: Justification for audit trail (required)
- **suppressedAt**: ISO 8601 date (YYYY-MM-DD)
### Usage
```bash
# Use default config location
./scripts/runner.sh
# Specify custom config
./scripts/runner.sh --config /path/to/config.json
# Or set via environment
export OPENCLAW_AUDIT_CONFIG=~/.openclaw/custom-audit.json
./scripts/runner.sh
```
### Report Output
Suppressed findings appear in a separate section:
```
CRITICAL (0):
(none)
WARNINGS (1):
[skills.network] some-skill: Unrestricted network access
INFO - SUPPRESSED (2):
[skills.code_safety] clawsec-suite: dangerous-exec detected
Reason: First-party security tooling, reviewed 2026-02-13
[skills.permissions] my-tool: Broad permission scope
Reason: Validated by security team, suppressedAt 2026-02-16
```
**Important**: Suppressions require BOTH `checkId` AND `skill` to match. This prevents over-suppression and maintains audit integrity.
See `examples/security-audit-config.example.json` for a complete template.
## Scripts
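Review bot: the Report Output sample near the end of the hunk does not match the Example Configuration earlier in it. The config suppresses skill `my-internal-tool` with reason "Broad permissions required for legitimate functionality", but the sample output lists `[skills.permissions] my-tool: Broad permission scope` with reason "Validated by security team, suppressedAt 2026-02-16". Because the Important note below stresses that BOTH `checkId` AND `skill` must match exactly, a reader comparing the two will conclude the documented config would not actually suppress that finding; use the same skill name and reason in both places. Two smaller documentation gaps in the same hunk: the fallback path `.clawsec/allowlist.json` is relative, so state whether it is resolved against the current working directory or the repository root (a config picked up from an unexpected directory silences findings), and say whether `suppressedAt` is informational only or whether the scanner enforces any review or expiry on it, since nothing in Required Fields tells an operator when a suppression should be revisited.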