openclaw-audit-watchdog

Original source / Raw SKILL.md

---
name: openclaw-audit-watchdog
version: 0.1.1
description: Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.
homepage: https://clawsec.prompt.security
metadata: {"openclaw":{"emoji":"🔭","category":"security"}}
clawdis:
  emoji: "🔭"
  requires:
    bins: [bash, curl]
---

# Prompt Security Audit (openclaw)

## Installation Options

You can get openclaw-audit-watchdog in two ways:

### Option A: Bundled with ClawSec Suite (Recommended)

**If you've installed clawsec-suite, you may already have this!**

Openclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.

**Advantages:**
- Convenient - no separate download needed
- Standard location - installed to `~/.openclaw/skills/openclaw-audit-watchdog/`
- Preserved - if you already have audit watchdog installed, it won't be overwritten
- Single verification - integrity checked as part of suite package

### Option B: Standalone Installation (This Page)

Install openclaw-audit-watchdog independently without the full suite.

**When to use standalone:**
- You only need the audit watchdog (not other suite components)
- You want to install before installing the suite
- You prefer explicit control over audit watchdog installation

**Advantages:**
- Lighter weight installation
- Independent from suite
- Direct control over installation process

Continue below for standalone installation instructions.

---

## Goal

Create (or update) a daily cron job that:

1) Runs:
- `openclaw security audit --json`
- `openclaw security audit --deep --json`

2) Summarizes findings (critical/warn/info + top findings)

3) Sends the report to:
- a user-selected DM target (channel + recipient id/handle)

Default schedule: **daily at 23:00 (11pm)** in the chosen timezone.

Delivery:
- DM to last active session

## Usage Examples

### Example 1: Quick Start (Environment Variables)

For automated/MDM deployments, set environment variables before invoking:

```bash
export PROMPTSEC_DM_CHANNEL="telegram"
export PROMPTSEC_DM_TO="@yourhandle"
export PROMPTSEC_TZ="America/New_York"
export PROMPTSEC_HOST_LABEL="prod-server-01"

# Then invoke the skill
/openclaw-audit-watchdog
```

The skill will automatically configure and create the cron job without prompts.

### Example 2: Interactive Setup

If environment variables aren't set, the skill will prompt minimally:

```
User: /openclaw-audit-watchdog

Agent: Setting up daily security audit watchdog...
       What channel should I use for delivery? (e.g., telegram, slack)
User: telegram

Agent: What's the recipient ID or handle?
User: @myhandle

Agent: Which timezone for the 23:00 daily run? (default: UTC)
User: America/Los_Angeles

Agent: ✓ Created cron job "Daily security audit (Prompt Security)"
       Schedule: Daily at 23:00 America/Los_Angeles
       Delivery: telegram → @myhandle
```

### Example 3: Updating Existing Job

If a job already exists, the skill updates it instead of creating duplicates:

```
User: /openclaw-audit-watchdog

Agent: Found existing "Daily security audit (Prompt Security)" job.
       Current: Daily at 23:00 UTC → telegram:@oldhandle

       Update delivery target? (current: telegram:@oldhandle)
User: slack:#security-alerts

Agent: ✓ Updated cron job
       Schedule: Daily at 23:00 UTC
       Delivery: slack:#security-alerts
```

### Example 4: What Gets Delivered

Each day at the scheduled time, you'll receive a report like:

```
🔭 Daily Security Audit Report
Host: prod-server-01
Time: 2026-02-16 23:00:00 America/New_York

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ Standard Audit: 12 checks passed, 2 warnings
✓ Deep Audit: 8 probes passed, 1 critical

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CRITICAL FINDINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[CRIT-001] Unencrypted API Keys Detected
→ Remediation: Move credentials to encrypted vault or use environment variables

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WARNINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[WARN-003] Outdated Dependencies Found
→ Remediation: Run `openclaw security audit --fix` to update

[WARN-007] Weak Permission on Config File
→ Remediation: chmod 600 ~/.openclaw/config.json

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Run `openclaw security audit --deep` for full details.
```

### Example 5: Custom Schedule

Want a different schedule? Set it before invoking:

```bash
# Run every 6 hours instead of daily
export PROMPTSEC_SCHEDULE="0 */6 * * *"
/openclaw-audit-watchdog
```

### Example 6: Multiple Environments

For managing multiple servers, use different host labels:

```bash
# On dev server
export PROMPTSEC_HOST_LABEL="dev-01"
export PROMPTSEC_DM_TO="@dev-team"
/openclaw-audit-watchdog

# On prod server
export PROMPTSEC_HOST_LABEL="prod-01"
export PROMPTSEC_DM_TO="@oncall"
/openclaw-audit-watchdog
```

Each will send reports with clear host identification.

### Example 7: Suppressing Known Findings

To suppress audit findings that have been reviewed and accepted, pass the `--enable-suppressions` flag and ensure the config file includes the `"enabledFor": ["audit"]` sentinel:

```bash
# Create or edit the suppression config
cat > ~/.openclaw/security-audit.json <<'JSON'
{
  "enabledFor": ["audit"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling — reviewed by security team",
      "suppressedAt": "2026-02-15"
    }
  ]
}
JSON

# Run with suppressions enabled
/openclaw-audit-watchdog --enable-suppressions
```

Suppressed findings still appear in the report under an informational section but are excluded from critical/warning totals.

## Suppression / Allowlist

The audit pipeline supports an opt-in suppression mechanism for managing reviewed findings. Suppression uses defense-in-depth activation: two independent gates must both be satisfied.

### Activation Requirements

1. **CLI flag:** The `--enable-suppressions` flag must be passed at invocation.
2. **Config sentinel:** The configuration file must include `"enabledFor"` with `"audit"` in the array.

If either gate is absent, all findings are reported normally and the suppression list is ignored.

### Config File Resolution (4-tier)

1. Explicit `--config <path>` argument
2. `OPENCLAW_AUDIT_CONFIG` environment variable
3. `~/.openclaw/security-audit.json`
4. `.clawsec/allowlist.json`

### Config Format

```json
{
  "enabledFor": ["audit"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling — reviewed by security team",
      "suppressedAt": "2026-02-15"
    }
  ]
}
```

### Sentinel Semantics

- `"enabledFor": ["audit"]` -- audit suppression active (requires `--enable-suppressions` flag too)
- `"enabledFor": ["advisory"]` -- only advisory pipeline suppression (no effect on audit)
- `"enabledFor": ["audit", "advisory"]` -- both pipelines honor suppressions
- Missing or empty `enabledFor` -- no suppression active (safe default)

### Matching Rules

- **checkId:** exact match against the audit finding's check identifier (e.g., `skills.code_safety`)
- **skill:** case-insensitive match against the skill name from the finding
- Both fields must match for a finding to be suppressed

## Installation flow (interactive)

Provisioning (MDM-friendly): prefer environment variables (no prompts).

Required env:
- `PROMPTSEC_DM_CHANNEL` (e.g. `telegram`)
- `PROMPTSEC_DM_TO` (recipient id)

Optional env:
- `PROMPTSEC_TZ` (IANA timezone; default `UTC`)
- `PROMPTSEC_HOST_LABEL` (label included in report; default uses `hostname`)
- `PROMPTSEC_INSTALL_DIR` (stable path used by cron payload to `cd` before running runner; default: `~/.config/security-checkup`)
- `PROMPTSEC_GIT_PULL=1` (runner will `git pull --ff-only` if installed from git)

Path expansion rules (important):
- In `bash`/`zsh`, use `PROMPTSEC_INSTALL_DIR="$HOME/.config/security-checkup"` (or absolute path).
- Do not pass a single-quoted literal like `'$HOME/.config/security-checkup'`.
- On PowerShell, prefer: `$env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME ".config/security-checkup"`.
- If path resolution fails, setup now exits with a clear error instead of creating a literal `$HOME` directory segment.

Interactive install is last resort if env vars or defaults are not set.

even in that case keep prompts minimalistic the watchdog tool is pretty straight up configured out of the box.

## Create the cron job

Use the `cron` tool to create a job with:

- `schedule.kind="cron"`
- `schedule.expr="0 23 * * *"`
- `schedule.tz=<installer tz>`
- `sessionTarget="isolated"`
- `wakeMode="now"`
- `payload.kind="agentTurn"`
- `payload.deliver=true`

### Payload message template (agentTurn)

Create the job with a payload message that instructs the isolated run to:

1) Run the audits

- Prefer JSON output for robust parsing:
  - `openclaw security audit --json`
  - `openclaw security audit --deep --json`

2) Render a concise text report:

Include:
- Timestamp + host identifier if available
- Summary counts
- For each CRITICAL/WARN: `checkId` + `title` + 1-line remediation
- If deep probe fails: include the probe error line

3) Deliver the report:

- DM to the chosen user target using `message` tool

### Email delivery requirement

Attempt email delivery in this priority order:

A) If an email channel plugin exists in this deployment, use:
- `message(action="send", channel="email", target="[email protected]", message=<report>)`

B) Otherwise, fallback to local sendmail if available:
- `exec` with: `printf "%s" "$REPORT" | /usr/sbin/sendmail -t` (construct To/Subject headers)

If neither path is possible, still DM the user and include a line:
- `"NOTE: could not deliver to [email protected] (email channel not configured)"`

## Idempotency / updates

Before adding a new job:

- `cron.list(includeDisabled=true)`
- If a job with name matching `"Daily security audit"` exists, update it instead of adding a duplicate:
  - adjust schedule tz/expr
  - adjust DM target

## Suggested naming

- Job name: `"Daily security audit (Prompt Security)"`

## Minimal recommended defaults (do not auto-change config)

The cron’s report should *suggest* fixes but must not apply them.

Do not run `openclaw security audit --fix` unless explicitly asked.


---

## Skill Companion Files

> Additional files collected from the skill directory layout.

### README.md

```markdown
# OpenClaw Audit Watchdog 🔭

Automated daily security audits for OpenClaw/Clawdbot agents with email reporting.

## Overview

The Audit Watchdog provides automated security monitoring for your OpenClaw agent deployments:

- **Daily Security Scans** - Scheduled via cron for continuous monitoring
- **Deep Audit Mode** - Comprehensive analysis of agent configurations and behavior
- **Email Reporting** - Formatted reports delivered to your security team
- **Git Integration** - Optionally syncs latest configurations before audit

## Quick Start

```bash
# Install skill
mkdir -p ~/.openclaw/skills/openclaw-audit-watchdog
cd ~/.openclaw/skills/openclaw-audit-watchdog

# Download and extract
curl -sSL "https://github.com/prompt-security/clawsec/releases/download/$VERSION_TAG/openclaw-audit-watchdog.skill" -o watchdog.skill
unzip watchdog.skill

# Configure
export PROMPTSEC_EMAIL_TO="[email protected]"
export PROMPTSEC_HOST_LABEL="prod-agent-1"

# Run
./scripts/runner.sh
```

## Configuration

| Variable | Description | Default |
|----------|-------------|---------|
| `PROMPTSEC_EMAIL_TO` | Email recipient for reports | `[email protected]` |
| `PROMPTSEC_HOST_LABEL` | Host identifier in reports | hostname |
| `PROMPTSEC_GIT_PULL` | Pull latest before audit (0/1) | `0` |
| `OPENCLAW_AUDIT_CONFIG` | Path to suppression config file | Auto-detected |

### Path Expansion and Quoting

- `PROMPTSEC_INSTALL_DIR` and `OPENCLAW_AUDIT_CONFIG` support `~`, `$HOME`, `${HOME}`, `%USERPROFILE%`, and `$env:USERPROFILE`.
- In `bash`/`zsh`, use double quotes for expandable paths:
  - `export PROMPTSEC_INSTALL_DIR="$HOME/.config/security-checkup"`
- Avoid single-quoted literals such as `'$HOME/.config/security-checkup'`.
- In PowerShell:
  - `$env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME ".config/security-checkup"`

## Suppression / Allowlist

Manage false-positive findings with the built-in suppression mechanism. Suppressed findings remain visible in reports but are demoted to informational status and do not count toward critical/warning totals.

Suppression is **opt-in with defense in depth**: the audit pipeline requires BOTH a CLI flag AND a config-file sentinel before any finding is suppressed. This prevents accidental or unauthorized suppression.

### Activation (Two Gates)

Both of the following must be true for audit suppressions to take effect:

1. **CLI flag:** Pass `--enable-suppressions` when invoking the runner.
2. **Config sentinel:** The configuration file must contain `"enabledFor": ["audit"]` (or a list that includes `"audit"`).

If either gate is missing, the suppression list is ignored entirely and all findings are reported normally.

### Config File Resolution

The audit scanner resolves the suppression config file using this 4-tier priority:

1. `--config <path>` CLI argument (highest priority)
2. `OPENCLAW_AUDIT_CONFIG` environment variable
3. `~/.openclaw/security-audit.json`
4. `.clawsec/allowlist.json` (fallback)

### Example Configuration

```json
{
  "enabledFor": ["audit"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling, reviewed 2026-02-13",
      "suppressedAt": "2026-02-13"
    },
    {
      "checkId": "skills.permissions",
      "skill": "my-internal-tool",
      "reason": "Broad permissions required for legitimate functionality",
      "suppressedAt": "2026-02-16"
    }
  ]
}
```

The `enabledFor` array controls which pipelines honor the suppression list:

| Value | Effect |
|-------|--------|
| `["audit"]` | Only audit suppression active (still requires `--enable-suppressions` flag) |
| `["advisory"]` | Only advisory suppression active (used by clawsec-suite) |
| `["audit", "advisory"]` | Both pipelines honor suppressions |
| Missing or `[]` | No suppression in any pipeline (safe default) |

### Required Fields per Suppression Entry

| Field | Description | Example |
|-------|-------------|---------|
| `checkId` | Audit check identifier to suppress | `skills.code_safety` |
| `skill` | Skill name the suppression applies to | `clawsec-suite` |
| `reason` | Justification for audit trail (required) | `First-party tooling, reviewed by security team` |
| `suppressedAt` | ISO 8601 date (YYYY-MM-DD) | `2026-02-15` |

**Matching:** Suppression requires an exact `checkId` match and a case-insensitive `skill` name match. Both must match for a finding to be suppressed.

### Usage

```bash
# Enable suppressions with default config location
./scripts/runner.sh --enable-suppressions

# Enable suppressions with explicit config path
./scripts/runner.sh --enable-suppressions --config /path/to/config.json

# Enable suppressions with config via environment variable
export OPENCLAW_AUDIT_CONFIG=~/.openclaw/custom-audit.json
./scripts/runner.sh --enable-suppressions
```

Without `--enable-suppressions`, the config file is not consulted for suppressions:

```bash
# Suppressions NOT active (flag missing)
./scripts/runner.sh
./scripts/runner.sh --config /path/to/config.json
```

### Report Output

Suppressed findings appear in a separate informational section:

```
CRITICAL (0):
  (none)

WARNINGS (1):
  [skills.network] some-skill: Unrestricted network access

INFO - SUPPRESSED (2):
  [skills.code_safety] clawsec-suite: dangerous-exec detected
    Reason: First-party security tooling, reviewed 2026-02-13
  [skills.permissions] my-tool: Broad permission scope
    Reason: Validated by security team, suppressedAt 2026-02-16
```

See `examples/security-audit-config.example.json` for a complete template.

## Scripts

| Script | Purpose |
|--------|---------|
| `runner.sh` | Main entry - runs full audit pipeline |
| `run_audit_and_format.sh` | Core audit execution |
| `codex_review.sh` | AI-assisted code review |
| `render_report.mjs` | HTML report generation |
| `sendmail_report.sh` | Local sendmail delivery |
| `send_smtp.mjs` | SMTP email delivery |
| `setup_cron.mjs` | Cron job configuration |

## Requirements

- bash
- curl
- Optional: node (for SMTP/rendering), jq (for JSON), sendmail (for email)

## Cron Setup

```bash
# Daily at 6 AM
0 6 * * * /path/to/scripts/runner.sh
```

Or use the setup script:

```bash
node scripts/setup_cron.mjs
```

## License

GNU AGPL v3.0 or later - See [LICENSE](../../LICENSE) for details.

---

**Part of [ClawSec](https://github.com/prompt-security/clawsec) by [Prompt Security](https://prompt.security)**

```

### _meta.json

```json
{
  "owner": "davida-ps",
  "slug": "openclaw-audit-watchdog",
  "displayName": "openclaw-audit-watchdog",
  "latest": {
    "version": "0.1.1",
    "publishedAt": 1772018831675,
    "commit": "https://github.com/openclaw/skills/commit/36dceae02cce19df4672f683e5387ffb2779adfe"
  },
  "history": [
    {
      "version": "0.1.0",
      "publishedAt": 1771260966117,
      "commit": "https://github.com/openclaw/skills/commit/7c51df17236854ee2eac81477ccaa1beed799b5d"
    },
    {
      "version": "0.0.4",
      "publishedAt": 1770331059793,
      "commit": "https://github.com/openclaw/skills/commit/d14cd16d870b346c9e855c7f5fb956f3cc681b7a"
    }
  ]
}

```

### scripts/codex_review.sh

```bash
#!/usr/bin/env bash
set -euo pipefail

# Run a Codex CLI code review for this skill.
# Safe by default: read-only sandbox.

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

if [[ -n "${CODEX_BIN:-}" ]]; then
  RESOLVED_CODEX_BIN="$CODEX_BIN"
elif command -v codex >/dev/null 2>&1; then
  RESOLVED_CODEX_BIN="$(command -v codex)"
elif [[ -x "/opt/homebrew/bin/codex" ]]; then
  RESOLVED_CODEX_BIN="/opt/homebrew/bin/codex"
else
  echo "codex CLI not found. Install Codex CLI and ensure 'codex' is in PATH." >&2
  exit 127
fi

# Use GPT-5.1 Codex Max (high reasoning). Note: some models (e.g. o3) may be blocked
# depending on the account type.
exec "$RESOLVED_CODEX_BIN" review -s read-only -m gpt-5.1-codex-max \
  "Review this skill for security/reliability issues. Focus on: shell quoting, command injection, sendmail header injection, dependency checks, cron payload safety, and failure modes. Provide concrete patch suggestions (with diffs if possible)." \
  -c "workdir=\"$ROOT_DIR\"" \
  -c "reasoning_effort=\"xhigh\""

```

### scripts/run_audit_and_format.sh

```bash
#!/usr/bin/env bash
set -euo pipefail

# Runs openclaw security audits and prints a formatted report to stdout.
#
# Usage:
#   ./run_audit_and_format.sh [--label "custom label"] [--config <path>]

show_help() {
  cat <<EOF
Usage: run_audit_and_format.sh [OPTIONS]

Options:
  --label <text>              Custom label for the report
  --config <path>             Path to config file (e.g., allowlist.json)
  --enable-suppressions       Explicitly enable the suppression mechanism
  --help                      Show this help message

EOF
  exit 0
}

LABEL=""
CONFIG=""
ENABLE_SUPPRESSIONS=0
while [[ $# -gt 0 ]]; do
  case "$1" in
    --label)
      LABEL="${2:-}"; shift 2 ;;
    --config)
      CONFIG="${2:-}"; shift 2 ;;
    --enable-suppressions)
      ENABLE_SUPPRESSIONS=1; shift ;;
    --help)
      show_help ;;
    *)
      echo "Unknown arg: $1" >&2
      exit 2
      ;;
  esac
done

TMPDIR="${TMPDIR:-/tmp}"
AUDIT_JSON="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.audit.json")"
DEEP_JSON="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.deep.json")"

cleanup() {
  rm -f "$AUDIT_JSON" "$DEEP_JSON" 2>/dev/null || true
}
trap cleanup EXIT

command -v openclaw >/dev/null 2>&1 || { echo "openclaw not found in PATH" >&2; exit 127; }
command -v node >/dev/null 2>&1 || { echo "node not found in PATH" >&2; exit 127; }

run_audit() {
  local kind="$1" outfile="$2"
  local errfile
  errfile="$(mktemp "${TMPDIR%/}/openclaw_audit.XXXXXX.err")"

  local config_args=()
  if [[ -n "$CONFIG" ]]; then
    config_args=(--config "$CONFIG")
  fi

  # kind is either: "audit" or "deep"
  if [[ "$kind" == "audit" ]]; then
    if ! openclaw security audit --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
      printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"audit failed: %s"}\n' \
        "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
    fi
  else
    if ! openclaw security audit --deep --json "${config_args[@]}" >"$outfile" 2>"$errfile"; then
      printf '{"findings":[],"summary":{"critical":0,"warn":0,"info":0},"error":"deep failed: %s"}\n' \
        "$(head -n 20 "$errfile" | tr '\n' ' ')" >"$outfile"
    fi
  fi

  rm -f "$errfile" 2>/dev/null || true
}

run_audit "audit" "$AUDIT_JSON"
run_audit "deep" "$DEEP_JSON"

# Host id: prefer short hostname; fall back to full hostname
HOST_ID="$(hostname -s 2>/dev/null || hostname 2>/dev/null || echo unknown-host)"

if [[ -z "$LABEL" ]]; then
  LABEL="$HOST_ID"
else
  LABEL="$LABEL ($HOST_ID)"
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Build args for render_report
RENDER_ARGS=(--audit "$AUDIT_JSON" --deep "$DEEP_JSON" --label "$LABEL")
if [[ "$ENABLE_SUPPRESSIONS" -eq 1 ]]; then
  RENDER_ARGS+=(--enable-suppressions)
fi
if [[ -n "$CONFIG" ]]; then
  RENDER_ARGS+=(--config "$CONFIG")
fi

node "$SCRIPT_DIR/render_report.mjs" "${RENDER_ARGS[@]}"

```

### scripts/runner.sh

```bash
#!/usr/bin/env bash
set -euo pipefail

# Runner for Prompt Security daily audit job.
# - Optionally git-pulls repo (if PROMPTSEC_GIT_PULL=1)
# - Runs openclaw security audit + deep audit
# - Emails report to [email protected] via local sendmail
# - Prints the report to stdout (so cron delivery can DM it)

COMPANY_EMAIL="${PROMPTSEC_EMAIL_TO:[email protected]}"
HOST_LABEL="${PROMPTSEC_HOST_LABEL:-}"
DO_PULL="${PROMPTSEC_GIT_PULL:-0}"
ENABLE_SUPPRESSIONS=0
AUDIT_CONFIG=""

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"

# Parse CLI arguments
while [[ $# -gt 0 ]]; do
  case "$1" in
    --enable-suppressions)
      ENABLE_SUPPRESSIONS=1; shift ;;
    --config)
      AUDIT_CONFIG="${2:-}"; shift 2 ;;
    *)
      shift ;;
  esac
done

if [[ "$DO_PULL" == "1" ]]; then
  if command -v git >/dev/null 2>&1 && [[ -d "$ROOT_DIR/.git" ]]; then
    git -C "$ROOT_DIR" pull --ff-only >/dev/null 2>&1 || true
  fi
fi

args=( )
if [[ -n "$HOST_LABEL" ]]; then
  args+=(--label "$HOST_LABEL")
fi
if [[ "$ENABLE_SUPPRESSIONS" -eq 1 ]]; then
  args+=(--enable-suppressions)
fi
if [[ -n "$AUDIT_CONFIG" ]]; then
  args+=(--config "$AUDIT_CONFIG")
fi
REPORT="$($SCRIPT_DIR/run_audit_and_format.sh "${args[@]}")"

SUBJECT_HOST="${HOST_LABEL:-$(hostname -s 2>/dev/null || hostname 2>/dev/null || echo unknown-host)}"
EMAIL_OK=1

# Prefer sendmail-compatible delivery if available; otherwise fallback to local SMTP (localhost:25 by default).
if printf '%s\n' "$REPORT" | "$SCRIPT_DIR/sendmail_report.sh" --to "$COMPANY_EMAIL" --subject "[$SUBJECT_HOST] openclaw daily security audit"; then
  EMAIL_OK=1
else
  if command -v node >/dev/null 2>&1; then
    if printf '%s\n' "$REPORT" | node "$SCRIPT_DIR/send_smtp.mjs" --to "$COMPANY_EMAIL" --subject "[$SUBJECT_HOST] openclaw daily security audit"; then
      EMAIL_OK=1
    else
      EMAIL_OK=0
    fi
  else
    EMAIL_OK=0
  fi
fi

if [[ "$EMAIL_OK" -eq 0 ]]; then
  printf '%s\n\n' "$REPORT"
  echo "NOTE: could not deliver email to ${COMPANY_EMAIL} via local sendmail"
else
  printf '%s\n' "$REPORT"
fi

```

### scripts/sendmail_report.sh

```bash
#!/usr/bin/env bash
set -euo pipefail

# Sends report text (stdin) via local sendmail.
#
# Usage:
#   ./sendmail_report.sh --to [email protected] [--subject "..."]

TO=""
SUBJECT="openclaw daily security audit"

while [[ $# -gt 0 ]]; do
  case "$1" in
    --to)
      TO="${2:-}"; shift 2 ;;
    --subject)
      SUBJECT="${2:-}"; shift 2 ;;
    *)
      echo "Unknown arg: $1" >&2
      exit 2
      ;;
  esac
done

if [[ -z "$TO" ]]; then
  echo "--to is required" >&2
  exit 2
fi

# Resolve sendmail:
# - explicit override via PROMPTSEC_SENDMAIL_BIN
# - macOS default /usr/sbin/sendmail (often not in PATH for non-login shells)
# - fallback to PATH lookup
SENDMAIL_BIN="${PROMPTSEC_SENDMAIL_BIN:-}"
if [[ -z "$SENDMAIL_BIN" ]] && [[ -x "/usr/sbin/sendmail" ]]; then
  SENDMAIL_BIN="/usr/sbin/sendmail"
fi
if [[ -z "$SENDMAIL_BIN" ]]; then
  SENDMAIL_BIN="$(command -v sendmail || true)"
fi
if [[ -z "$SENDMAIL_BIN" ]] || [[ ! -x "$SENDMAIL_BIN" ]]; then
  echo "sendmail not found (tried PROMPTSEC_SENDMAIL_BIN, /usr/sbin/sendmail, and sendmail in PATH)" >&2
  exit 1
fi

# Prevent header injection: strip CR/LF from header fields
TO_CLEAN="$(printf '%s' "$TO" | tr -d '\r\n')"
SUBJECT_CLEAN="$(printf '%s' "$SUBJECT" | tr -d '\r\n')"

# Basic RFC2822
{
  echo "To: ${TO_CLEAN}"
  echo "Subject: ${SUBJECT_CLEAN}"
  echo "Content-Type: text/plain; charset=UTF-8"
  echo
  cat
} | "$SENDMAIL_BIN" -oi -oem -t

```