CLAWSTIN MORNING PAPER — 2026-03-10

Tuesday, 2026-03-10

INNOVATIONS

Nothing new in the last 24 hours.

AUTO AUDIT RESULTS

AUTOAUDIT Summary -- 2026-03-10


Findings


CRITICAL


1. krspamgang Gmail OAuth token expired — not recovering. `triage-krspamgang.py` has failed every hourly run since 2026-03-09 20:13 with `invalid_grant: Token has been expired or revoked`. 7 consecutive failures through 02:13 on 3/10. Unlike the 3/8 incident (which self-recovered), this one is persistent. Token file: `/Users/aicomputer/.openclaw/gmail/token-krspamgang.json`. Needs manual re-auth. LaunchAgent `clawstin.gmail.triage-krspamgang` shows exit 1.

WARNING


2. balance-notify sends failing — node not in LaunchAgent PATH. Balance extraction works (amounts logged correctly every hour 17:00–21:00 on 3/9), but `openclaw message send` fails with `env: node: No such file or directory` → exit 127. The LaunchAgent environment doesn't include `/opt/homebrew/bin` in PATH, so the `#!/usr/bin/env node` shebang in openclaw CLI can't resolve. Fix: add `<key>EnvironmentVariables</key>` with PATH to the plist, or add `export PATH="/opt/homebrew/bin:$PATH"` to balance-notify.sh. No balance notifications have been delivered since 3/8 18:26.
3. balance-checker exit 78. `clawstin.balance-checker` (`/Users/aicomputer/clawstin-app/server/balance-check-all.py`) still exiting 78. 2nd consecutive audit. Note: balance-notify.sh calls the same script inline and succeeds — the standalone LaunchAgent invocation is the one failing. Likely an environment/dependency issue in the plist context.
4. 3 cron jobs in error state. `morning-paper` (5:45 AM), `openclaw-update` (6:00 AM), `token-burn-weekly` (Mon 9:00 AM). No `openclaw cron logs` command available to inspect details. `update-check` resolved since last report (now shows ok). `morning-paper` and `openclaw-update` carried over — 2nd consecutive audit.
5. SCHEDULE.md not chronologically sorted. Lines 17–20 are out of order: Progressive payment (4/6), Jim Kelly Wedding (7/18), AR Queenie (3/16), Hound BAM (3/11) all appear after the May 28 dentist entry. 5th consecutive audit flagging this.
6. Context load: 1,795 words (threshold: 1,500). Individual files over 400-word threshold:
   - AGENTS.md: 643 words (auto-injected)
   - memory/2026-03-09.md: 561 words (startup-read; 8 sessions)
Full breakdown: AGENTS.md 643, SOUL.md 64, TOOLS.md 68, IDENTITY.md 32, USER.md 32, HEARTBEAT.md 95, MEMORY.md 117, STYLE.md 17, SYNC.md 144, WORKING_MEMORY.md 22, memory/2026-03-09.md 561.
7. vitals-api exit -15 (SIGTERM). `clawstin.vitals-api` (pid 13436) shows exit status -15. Logs show it's still serving requests successfully as of 22:19 on 3/9 (200 responses on all endpoints). The -15 likely reflects a prior restart/reload. Appears functional but the exit status is stale/misleading.

Carried Over


1. SCHEDULE.md sort order — 5th consecutive audit.
2. MEMORY.md pending items from 2026-03-04 — 6 items Ghost marked "for MEMORY.md" still awaiting confirmation: Hellbot verification triple, $HINV replaces $HCOMP, parser number-name bug, legacy data boundary row 878+, positive SALE qty = returns, quarterly system refresh April 1. 4th consecutive audit.
3. morning-paper and openclaw-update cron errors — 2nd consecutive audit.
4. balance-checker exit 78 — 2nd consecutive audit. Was reportedly fixed in session 04 but has recurred or fix didn't persist.

Resolved From Last Report


- balance-notify "openclaw: command not found" — partially resolved. The old issue (bare `openclaw` on line 52) was fixed by rewriting the script with full path `/opt/homebrew/bin/openclaw` on line 30. However, a new PATH issue surfaced: `env: node: No such file or directory` (see finding #2). Balance extraction now works; delivery still broken.
- update-check cron error — now shows status "ok".
- triage.py OAuth (main account) — still functioning, completing successfully every hour.

Past-Due Schedule Entries


- `2026-03-09 09:00 -- ACCOUNTS RECEIVABLE - mighty white - SNOOZE/RESOLVE?`
- `2026-03-09 09:00 -- Hound Keyan`

Fired One-Shot Reminders


None currently loaded.

Step Completion Checklist

- Step 1 -- Pre-Audit Data: completed (11 checks, 0 errors, 3 warnings: LaunchAgents, schedule past-due, log errors)
- Step 2 -- Last Report Review: completed (4 carried-over items, 3 resolved)
- Step 3 -- Daily Integration: completed (2026-03-09 log reviewed — 8 sessions; 2026-03-10 log does not yet exist)
- Step 4 -- Git Diff + Downstream: completed (15 commits; major work: PaperTrader overhaul/audit, clawstin-app, ULP labels, BlueBubbles attempt; no stale references to old values found)
- Step 5 -- File Health Review: completed (MEMORY.md 117w healthy; SCHEDULE.md sort issue; context load 1,795w over 1,500 threshold; AGENTS.md 643w over 400 threshold)
- Step 6 -- Cron + Automation: completed (18 cron jobs; 3 in error state; model assignments appropriate: Opus=autoaudit, Sonnet=security-guard/morning-brief/morning-paper/zero-token-heartbeat, Haiku=routine monitors)
- Step 7 -- Script Validation: completed (send-todo.sh ✓, triage.py ✓, triage-proton.py ✓, triage-krspamgang.py ✓ exists but token expired, watchdog/ ✓, balance-notify.sh ✓ exists but node PATH issue, balance-check-all.py ✓ exists but exit 78 standalone)
- Step 8 -- Cross-File Consistency: completed (MEMORY.md refs verified; HEARTBEAT.md→HEARTBEAT-FULL.md ✓; STYLE.md→STYLE-FULL.md ✓; GUARDRAILS.md ✓; INDEX.md ✓; CL.md ✓; SYNC.md at v424 matches latest commit)

CAPABILITY QUEUE

Queue is empty.

PAPER TRADING

| Model | Portfolio Value | P/L | Cash | Holdings |
|-------|-----------------|-----|------|----------|
| M01 Momentum Chaser | $1009.65 | +$9.65 (+1.0%) | $397.54 | MSTR 1.1148sh @$138.94, ADBE 0.5523sh @$282.46, QQQ 0.2491sh @$607.76, MSFT 0.3659sh @$409.45 |
| M02 Trend Follower | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M03 Momentum Rotator | $1159.43 | +$159.43 (+15.9%) | $1159.43 | Cash only |
| M04 Headline Trader | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M05 Hot Sector Rotator | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M06 Earnings Anticipator | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M07 Panic Buyer | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M08 Smart Money Tracker | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M09 Gap Fader | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M10 Coil & Breakout | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |

Live prices: AAPL: $259.89, ADBE: $282.46, CRM: $198.68, GOOGL: $306.37, MSFT: $409.45, MSTR: $138.94, NVDA: $182.64, QQQ: $607.76, SPY: $678.32, TSLA: $398.64, WDAY: $148.16

SECURITY AUDIT

Security Guard Report — 2026-03-10

- Patrol time: 03:30 AM (America/New_York)
- Agent: Security Guard (Claude Opus)
- AutoAudit verified: Yes (2026-03-10)
- Previous report: 2026-03-09


Executive Summary


Overall threat level: MEDIUM-HIGH (downgraded from yesterday's HIGH)
Progress has been made on the critical findings from the 2026-03-09 report:
- `.gitignore` now includes `lifeboat-system/`, `state/`, `.log`, and `memory/session-log-.txt`
- Passwords in LIFEBOAT.md, RESTORE.md, and CREDENTIALS.md appear redacted
- API keys in memory markdown files sanitized — only placeholder references remain
- `lifeboat-system/` directory still EXISTS in workspace with full credential suite (just git-ignored)
- Fernet master key (`fernet-key.b64`) still in workspace as a file
- Cloudflare tunnel exposes 3 local services to the internet
This patrol identified 7 findings, with 1 severity 8 and 1 severity 7.


FINDINGS


SG-2026-03-10-001: Lifeboat-System Credential Directory Still in Workspace

Severity: 7 (was 9 on 2026-03-09)
The `.gitignore` now includes `lifeboat-system/`. File permissions are all `-rw-------`. No git remote exists. However the directory physically exists with: Anthropic API key, Gmail OAuth tokens (3 accounts), Cloudflare tunnel secret and cert, master Den Fernet key, encrypted creds store, rclone Google Drive tokens (2 accounts), Signal key material.
Key remaining risk: Any subagent or tool with workspace read access gets full credential suite. The nightly lifeboat backup (confirmed 2026-03-10 02:03:55) syncs this to Google Drive.
Action: Move `lifeboat-system/` out of workspace entirely. The Fernet key should not exist as a file.

SG-2026-03-10-002: Cloudflare Tunnel Exposes 3 Services to Internet

Severity: 8
Tunnel config routes:
- `clawstin.org` to localhost:8877 (Python http.server — static site, NO AUTH)
- `voice.clawstin.org` to localhost:3334 (NOT RUNNING)
- `webhook.clawstin.org` to localhost:18789 (gateway — status unclear)
The static site at port 8877 serves symlinks to workspace files including `vital-widget.json`, `vital.json`, `brain-map.html`. These may contain financial/personal data exposed without authentication.
Action: Review what vital.json contains. Add auth or remove sensitive data from public site.

SG-2026-03-10-003: Chrome Remote Desktop Running (Accepted Risk)

Severity: 3 — Accepted per SG-2026-03-09-005. No change.

SG-2026-03-10-004: pip Severely Outdated (21.2.4 vs 26.0.1)

Severity: 5
pip 21.2.4 is 4+ years behind. setuptools 58.0.4 similarly ancient. certifi behind on CA bundle.
Action: `python3 -m pip install --upgrade pip setuptools certifi`

SG-2026-03-10-005: Signal-CLI Daemon on Localhost HTTP (No TLS/Auth)

Severity: 5
signal-cli daemon on 127.0.0.1:8080 — any local process can send Signal messages without auth. Currently no external exposure path exists (no tunnel route to 8080).

SG-2026-03-10-006: LaunchAgent Failures (Operational)

Severity: 3
balance-checker exit 78 (3rd audit), balance-notify exit 127, krspamgang triage exit 1 (OAuth expired). Not security threats but krspamgang email monitoring is offline.

SG-2026-03-10-007: Proton Mail Bridge Sentry Key in Process Args

Severity: 2
Sentry DSN key visible in `ps aux` output. Low risk — crash reporting only.


SYSTEM STATUS


- LuLu Firewall: RUNNING (PID 1491 + system extension PID 699)
- Tailscale: RUNNING (PID 655, root)
- Ollama: RUNNING (PID 1511)
- Nightly Backup: OK — last run 2026-03-10 02:00, lifeboat complete 02:03
- Git: Local only, no remote. Gitignore expanded.
- World-writable files: NONE
- Stray credentials in /tmp: NONE
- OpenSSL: 3.6.1 (current)
- npm audit: Unable (no lockfile)
- Full disk encryption: Unable to verify (fdesetup blocked by sandbox)
- External threat intelligence: Unable to check (no network access — 3rd consecutive patrol)


COMPARISON WITH 2026-03-09


| Finding | 3/9 | 3/10 | Change |
|---------|-----|------|--------|
| Lifeboat creds in workspace | 9 | 7 | Improved (gitignored) |
| Passwords in markdown | 9 | RESOLVED | Fixed |
| API key in session logs | 6 | RESOLVED | Fixed |
| API key in REDDIT-UPGRADES | 6 | RESOLVED | Fixed |
| Chrome Remote Desktop | Accepted | 3 | Unchanged |
| Cloudflare tunnel | 7 | 8 | Escalated |
| Minimal gitignore | 7 | RESOLVED | Fixed |
| Git local-only | 3 | Info | Unchanged |
| Ollama local | 3 | Info | Unchanged |