From fe08566adaeee6050e2a4f721560b759e93ce353 Mon Sep 17 00:00:00 2001
From: David Abutbul
Date: Mon, 16 Feb 2026 16:14:57 +0200
Subject: [PATCH] - Add backslash escaping before quote escaping in oneline() function - Prevents incomplete string escaping vulnerability - Resolves CodeQL alert: https://github.com/prompt-security/clawsec/security/code-scanning/16
---
 skills/openclaw-audit-watchdog/scripts/setup_cron.mjs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/skills/openclaw-audit-watchdog/scripts/setup_cron.mjs b/skills/openclaw-audit-watchdog/scripts/setup_cron.mjs
index 8bf7e52..7dbfec1 100755
--- a/skills/openclaw-audit-watchdog/scripts/setup_cron.mjs
+++ b/skills/openclaw-audit-watchdog/scripts/setup_cron.mjs
@@ -52,6 +52,7 @@ function envOrEmpty(name) {
 function oneline(v) {
 return String(v ?? "")
 .replace(/[\r\n]+/g, " ")
+ .replace(/\\/g, "\\\\")
 .replace(/"/g, "\\\"")
 .trim();
 }
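Review bot: `oneline()` still does not say which quoting context its output is meant for, and that decides whether escaping only `\` and `"` is complete. The call sites are outside this hunk, but if any of them places the result inside a shell double-quoted string, `$` and backticks would still be interpreted there. Passing the value as a separate argv element, or using `JSON.stringify` for a JSON context, would be safer than hand-rolled escaping. I would add a comment above the function such as `// Collapses newlines and escapes \ then " for a double-quoted <context> string; backslashes must be escaped first so the quote escapes are not doubled.` A regression test for an input ending in a backslash would pin the fixed behaviour, since the backslash-before-quote order is easy to undo in a later edit.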