Clawstin Morning Paper

AUTOAUDIT Summary -- 2026-03-13

Findings

CRITICAL

1. morning-brief cron timed out. Job `morning-brief` (7858a633) last run at 2026-03-12T22:33Z errored: "job execution timed out" after 420s. consecutiveErrors: 1. Ghost's 6 AM brief will not deliver tomorrow unless the underlying issue is resolved. Likely cause: Sonnet taking too long reading multiple state files + paper trader JSON. Consider increasing timeout or reducing scope.

WARNING

1. vital-widget-freshness smoke test FAIL. `vital-widget.json` file is missing entirely. Smoke test reports "File missing." The vital-widget-sync LaunchAgent was removed by Ghost in session 27 and stale files trashed — this is expected. However, smoke_test.py still checks for the file. The smoke test itself needs updating to remove this check, since the widget sync is intentionally decommissioned.
2. 2 cron jobs in error state: morning-brief, clear-chronic-wednesday. morning-brief covered in CRITICAL #1. `clear-chronic-wednesday` (1fe32258) error: "Delivering to Signal requires target <E.164|uuid:ID|group:ID|signal:group:ID|signal:+E.164>" — the delivery target `+15406208059` is set but the job's own message tries to send a Signal DM directly instead of relying on announce delivery. The `model` was fixed to haiku in session 27, but the delivery routing error persists. consecutiveErrors: 1.
3. balance-anchor smoke test WARN. Reports "no last_checked timestamp" but `vital-balance-anchor.json` contains `"last_checked": "2026-03-13T01:00:00Z"`. Balance: $115.02. This is a smoke_test.py bug — carried forward from last audit. The anchor itself is healthy.
4. vitals-api and vital-server LaunchAgents exit -15 (SIGTERM). `clawstin.vital-server` (pid 75085, exit -15) and `clawstin.vitals-api` (pid 95401, exit -15). Smoke test confirms flask-api on :8765 IS responding. Both show SIGTERM — launchd restarts. No functional impact, but 2nd consecutive audit with these signals.
5. com.clawstin.balance-notify LaunchAgent exit code 1. Pre-audit flagged this agent with exit status 1 (failure). Not a new finding but worth monitoring.
6. Stale FER plist in lifeboat. `lifeboat-system/launch-agents/clawstin.fer-monitor.plist` still exists, pointing to deleted `scripts/fer-monitor.py`. dependency_map.json and balance-scrape-cron.md were cleaned in session 27, but the lifeboat plist copy was missed. The plist is not loaded (not in launchctl list), so no functional impact — just a dead artifact.
7. Context load: 2,163 words (threshold: 1,500). Over threshold. Files over 400-word threshold: - AGENTS.md: 772 words (auto-injected) - memory/2026-03-12.md: 542 words (startup-read)
Full breakdown: AGENTS.md 772, SOUL.md 64, TOOLS.md 171, IDENTITY.md 32, USER.md 32, HEARTBEAT.md 95, MEMORY.md 117, STYLE.md 17, SYNC.md 103, WORKING_MEMORY.md 22, memory/2026-03-12.md 542, memory/2026-03-11.md 196. Total: 2,163.
Improvement from last audit (2,769 → 2,163, -606 words) due to memory/2026-03-11.md distillation (1,297 → 196). AGENTS.md remains the largest single file at 772 words — consider whether any sections could move to on-demand reads.
8. SCHEDULE.md has 3 past-due entries from 2026-03-11. These were noted as "resolved/removed" in session 27 daily log but are still present in SCHEDULE.md. Either the cleanup didn't persist or the file wasn't saved. Entries: Tori post office (3/11 10:00), Garry Dan Call (3/11 13:00), Hound BAM (3/11 15:54).

Carried Over

1. SCHEDULE.md sort order + stale entries — 8th consecutive audit. The 3/11 entries were logged as removed in session 27 but remain. 2. MEMORY.md pending items from 2026-03-04 — Ghost closed these in session 27 ("doesn't belong in MEMORY.md"). Resolved — dropping from carry-over. 3. Stale FER references — Mostly resolved in session 27. Only `lifeboat-system/launch-agents/clawstin.fer-monitor.plist` remains. 5th consecutive (partial). 4. smoke_test.py false positives — balance-anchor "no last_checked" and vital-widget-freshness (checking for intentionally removed file). 2nd consecutive.

Past-Due Schedule Entries

- `2026-03-11 10:00 -- Tori post office help` - `2026-03-11 13:00 -- Garry Dan Call` - `2026-03-11 15:54 -- Hound BAM`

Fired One-Shot Reminders

- No fired one-shot plists detected. `clawstin.ats.dentist-may-28th-8am` loaded but not yet fired (fires May 28). - `balance-burn-calibration-review` (one-shot, deleteAfterRun) scheduled for 2026-03-15T09:00Z — not yet fired.

Step Completion Checklist

Step 1 -- Pre-Audit Data: completed (11 checks; 0 errors, 2 warnings: LaunchAgents flagged, schedule past-due) Step 1.5 -- Smoke Tests: completed (12 checks; 9 pass, 2 warn, 1 fail: vital-widget missing, balance-anchor field mismatch, 2 cron errors) Step 2 -- Last Report Review: completed (reviewed 2026-03-12 report; morning-brief resolution reversed — now in error again; MEMORY.md pending items resolved by Ghost) Step 3 -- Daily Integration: completed (2026-03-12 log reviewed; no 2026-03-13 log yet; all referenced scripts verified at stated paths) Step 4 -- Git Diff + Downstream: completed (5 commits reviewed; watchdog.py added and indexed; vital-widget files cleaned; no stale references to changed values found in configs) Step 5 -- File Health Review: completed (MEMORY.md 117w healthy; context load 2,163w over 1,500 threshold; AGENTS.md 772w over 400 threshold; SCHEDULE.md has 3 stale past-due entries; all injected files checked — no contradictions or inaccuracies found) Step 6 -- Cron + Automation: completed (22 cron jobs reviewed; morning-brief timeout error, clear-chronic-wednesday delivery error; model assignments appropriate: Opus for autoaudit, Sonnet for morning-brief/security-guard, Haiku for all routine jobs; bobby-litter-check correctly uses systemEvent/main) Step 7 -- Script Validation: completed (send-todo.sh ✓, triage-proton.py ✓, triage.py ✓, watchdog/ directory ✓ with 6 files; all cron-referenced scripts verified: hue.py, fridge-discovery.py, zero_token_heartbeat.py, morning-paper.py, openclaw-update.py, rent-reminder.py, researcher.py, all 5 trading signal monitors ✓) Step 8 -- Cross-File Consistency: completed (stale FER plist in lifeboat; SCHEDULE.md entries logged as removed but still present; trial.py still references fer-monitor.py as an example in help text — cosmetic only; scripts/balance-scrape-cron.md is clean reference doc, no issues)

Model	Portfolio Value	P/L	Cash	Holdings
M01 Momentum Chaser	$991.00	$-9.00 (-0.9%)	$241.02	MSTR 1.1148sh @$137.37, ADBE 0.5523sh @$270.13, QQQ 0.2491sh @$597.34, MSFT 0.3659sh @$401.89, CRM 0.7619sh @$199.24
M02 Trend Follower	$998.40	$-1.60 (-0.2%)	$850.00	NVDA 0.8109sh @$183.01
M03 Momentum Rotator	$1159.43	+$159.43 (+15.9%)	$1159.43	Cash only
M04 Headline Trader	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M05 Hot Sector Rotator	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M06 Earnings Anticipator	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M07 Panic Buyer	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M08 Smart Money Tracker	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M09 Gap Fader	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M10 Coil & Breakout	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only

Security Guard Report - 2026-03-12

Patrol time: 03:30 AM (America/New_York) Agent: Security Guard (Claude Opus) AutoAudit verified: Yes (2026-03-12) Previous report: 2026-03-11

Executive Summary

Overall threat level: MEDIUM (unchanged from yesterday)
No new critical findings. All prior findings persist with minimal change. Key observations this patrol:
- lifeboat-system/ credential directory - 5th consecutive patrol. Still in workspace with full API key suite. Individual files are 600, but several parent subdirectories (den/, openclaw-config/, rclone/, signal-data/) are 755 (world-readable directory listing). No change in risk profile. - vitals-api down - Both clawstin.vital-server and clawstin.vitals-api LaunchAgents show exit -15 (SIGTERM). No process is listening on port 8765. The api.clawstin.org Cloudflare Tunnel route returns connection refused. This is a reliability issue, not a security issue. - No new credential exposure - Hellbot subagent files (new since last patrol) contain no credentials. No .env files found. No stray API keys detected. - LuLu firewall running - Both app (PID 1491) and system extension (PID 699) active. - No external threat intelligence - 5th consecutive patrol unable to check NVD/Node.js/macOS advisories (sandbox has no network access).
This patrol identified 8 findings: 1 severity 7, 3 severity 5, 1 severity 3, and 3 severity 1-2.

FINDINGS

SG-2026-03-12-001: Lifeboat-System Credential Directory in Workspace

Severity: 7 (unchanged - 5th consecutive patrol)
Evidence: ``` $ ls -la /Users/aicomputer/.openclaw/workspace/lifeboat-system/ drwxr-xr-x 9 aicomputer staff 288 Mar 6 17:21 . (755 parent dir) drwx------ 5 aicomputer staff 160 Mar 6 17:21 cloudflared (700 OK) drwxr-xr-x 4 aicomputer staff 128 Mar 6 17:21 den (755 BAD) drwx------ 7 aicomputer staff 224 Mar 6 17:21 gmail-tokens (700 OK) drwxr-xr-x 67 aicomputer staff 2144 Mar 11 09:15 launch-agents (755, no creds) drwxr-xr-x 3 aicomputer staff 96 Mar 6 17:21 openclaw-config (755 BAD) drwxr-xr-x 3 aicomputer staff 96 Mar 6 17:21 rclone (755 BAD) drwxr-xr-x 5 aicomputer staff 160 Mar 6 17:21 signal-data (755 BAD) ```
Credential files inside are all -rw------- (600), but 4 of 7 subdirectories are 755 - any local user can traverse and ls the directory contents (seeing filenames), though they cannot cat the file contents.
Contents confirmed present (file permissions are 600): - den/fernet-key.b64 - 61 bytes, Fernet master encryption key - den/creds.enc - 4792 bytes, encrypted credential store (key is adjacent) - openclaw-config/openclaw.json - plaintext API keys: sk-ant-[REDACTED], sk_[REDACTED] (ElevenLabs), sk-or-[REDACTED] (OpenRouter) - gmail-tokens/credentials.json - Google OAuth client_secret: GOCSPX-[REDACTED] - gmail-tokens/token-*.json - 3 Gmail OAuth tokens with access + refresh tokens - rclone/rclone.conf - Google Drive OAuth tokens - signal-data/535318 - Signal key material - cloudflared/2c29ad40-*.json - Cloudflare tunnel secret
Mitigating factors: - All individual files are 600 (owner-read-only) - lifeboat-system/ is in .gitignore - not committed - No git remote configured (local-only repo, confirmed via .git/config) - Nightly backup ran successfully at 02:06 today (encrypted zip to Google Drive)
Remaining risk: Fernet key stored as a file next to the encrypted store negates encryption benefit. Directory permissions on den/, openclaw-config/, rclone/, signal-data/ should be 700.
Rubric: Severity 7 - credential storage locally accessible, not externally exposed.
Action: chmod 700 on den/, openclaw-config/, rclone/, signal-data/. Consider moving lifeboat-system/ out of workspace. Store Fernet key in macOS Keychain only.

SG-2026-03-12-002: Cloudflare Tunnel - 4 Routes, 2 Active, 1 Unauthenticated

Severity: 5 (unchanged - matches accepted risk SG-2026-03-10-002 for static site)
Evidence: ``` $ cat lifeboat-system/cloudflared/config.yml ingress: - hostname: clawstin.org -> localhost:8877 (Python http.server, static, NO AUTH) ACTIVE - hostname: voice.clawstin.org -> localhost:3334 (NOT RUNNING) - hostname: webhook.clawstin.org -> localhost:18789 (NOT RUNNING) - hostname: api.clawstin.org -> localhost:8765 (NOT RUNNING - vitals-api SIGTERM) - service: http_status:404 (catch-all)
$ ps aux | grep "8877" PID 75085: Python -m http.server 8877 --directory /Users/aicomputer/clawstin-site
$ ps aux | grep "8765" (no process found)
$ launchctl list | grep vital 75085 -15 clawstin.vital-server (SIGTERM exit) 62742 -15 clawstin.vitals-api (SIGTERM exit) ```
Analysis: - clawstin.org (8877): Static site, no auth - accepted risk (SG-2026-03-10-002) - voice.clawstin.org (3334): Not running. No risk. - webhook.clawstin.org (18789): Not running. No risk. - api.clawstin.org (8765): Down (SIGTERM). No security risk while down.
Rubric: Severity 5 - static site serves display telemetry only (accepted). API is down.

SG-2026-03-12-003: Chrome Remote Desktop Running

Severity: 3 (accepted risk - SG-2026-03-09-005, permanent accept)
Evidence: ``` $ ps aux | grep remoting PID 1505: remoting_me2me_host --host-config=...org.chromium.chromoting.json --ssh-auth-sockname=/tmp/chromoting.aicomputer.ssh_auth_sock PID 1478: remoting_me2me_host_service --run-from-launchd PID 805: remoting_agent_process_broker (root) ```
Running since Saturday boot. Full desktop access via Google account + PIN.
Rubric: Accepted risk (permanent). Downrated to 3 per deduplication rule.

SG-2026-03-12-004: Signal-CLI HTTP Daemon on Localhost (No Auth)

Severity: 5 (unchanged)
Evidence: ``` $ ps aux | grep signal PID 88391: java ... org.asamk.signal.Main -a +16072208785 daemon --http 127.0.0.1:8080 --no-receive-stdout ```
signal-cli daemon on 127.0.0.1:8080 - HTTP, no TLS, no authentication. Any local process can send Signal messages as the registered number.
Mitigating factors: - Bound to 127.0.0.1 only (not 0.0.0.0) - Requires local process access - LuLu firewall active
Rubric: Severity 5 - localhost service without auth, requires local access.

SG-2026-03-12-005: Proton Bridge Sentry DSN in Process Table

Severity: 2 (unchanged - informational)
Evidence: ``` $ ps aux | grep proton PID 1508: crashpad_handler ... sentry_key=ea31df[REDACTED] ```
Sentry DSN is a public ingest-only key (by design). Not a private API credential.
Rubric: Severity 2 - informational.

SG-2026-03-12-006: Test Password in Fixture File

Severity: 1 (unchanged - informational)
Evidence: ``` $ grep "password" scripts/test-llc-intake.json "password": "SecureP@ss1" ```
Test fixture with dummy password. File is 600. Not a real credential.
Rubric: Severity 1 - test data.

SG-2026-03-12-007: Brave Browser Remote Debugging Port Active

Severity: 2 (informational - unchanged)
Evidence: ``` Multiple Brave Browser Helper processes with --remote-debugging-port=18800 --user-data-dir=/Users/aicomputer/.openclaw/browser/openclaw/user-data ```
OpenClaw headless browser for automation. Localhost-only, separate profile.
Rubric: Severity 2 - localhost dev tool, required for operation.

SG-2026-03-12-008: Ollama Local LLM Server Running

Severity: 1 (informational - new finding)
Evidence: ``` $ ps aux | grep ollama PID 1511: /Applications/Ollama.app/Contents/Resources/ollama serve Running since Sat 07AM ```
Ollama local LLM inference server. Default bind: 127.0.0.1:11434.
Rubric: Severity 1 - localhost-only local LLM. No credential risk.

Threat Landscape - External Intelligence

Status: UNAVAILABLE (5th consecutive patrol)
Sandbox has no network access. Unable to check NVD, Node.js advisories, macOS bulletins, OpenClaw GitHub, or Signal CLI issues.
Recommendation: Ghost should periodically check: 1. https://nvd.nist.gov for CVEs affecting macOS Sequoia, Python 3.9, Java 21 2. https://support.apple.com/en-us/100100 for macOS security updates 3. https://github.com/AsamK/signal-cli/releases for signal-cli 0.13.24 vulnerabilities

Risk Acceptance Cross-Reference

| Finding | Matches Accepted Risk? | Action | |---------|----------------------|--------| | SG-001 (lifeboat creds) | No - not yet accepted | Include in brief | | SG-002 (Cloudflare tunnel) | Yes - SG-2026-03-10-002 | Noted, not escalated | | SG-003 (Chrome Remote Desktop) | Yes - SG-2026-03-09-005 | Downrated to 3 | | SG-004 (signal-cli no auth) | No | Include in brief | | SG-005 (Proton sentry DSN) | No (low sev) | Informational | | SG-006 (test password) | No (low sev) | Informational | | SG-007 (Brave debug port) | No (low sev) | Informational | | SG-008 (Ollama) | No (low sev) | Informational |

Changes Since Last Patrol (2026-03-11)

1. Vitals-API down - Port 8765 has no process. LaunchAgents exited SIGTERM. Availability issue, not security. 2. Hellbot subagent deployed - New hellbot/ directory. No credentials found. state.enc is encrypted. cli.py is 600. 3. New commands added - FIX.md, BOOK.md, BRE.md, SSA.md, END.md, ULP.md. No security implications. 4. Nightly backup successful - Committed 02:00, lifeboat uploaded 02:06. 5. Directory permission inconsistency persists - den/, openclaw-config/, rclone/, signal-data/ still 755. 6. No world-writable files - find confirmed zero results. 7. No .env files - find confirmed zero results.

File Permission Audit Summary

| Path | Permission | Expected | Status | |------|-----------|----------|--------| | ~/.openclaw/ | drwx------ | 700 | OK | | ~/.openclaw/credentials/ | drwx------ | 700 | OK | | ~/.openclaw/creds.enc | -rw------- | 600 | OK | | ~/.openclaw/openclaw.json | -rw------- | 600 | OK | | workspace/.gitignore | -rw------- | 600 | OK | | lifeboat-system/ | drwxr-xr-x | 700 | BAD (755) | | lifeboat-system/den/ | drwxr-xr-x | 700 | BAD (755) | | lifeboat-system/cloudflared/ | drwx------ | 700 | OK | | lifeboat-system/gmail-tokens/ | drwx------ | 700 | OK | | lifeboat-system/openclaw-config/ | drwxr-xr-x | 700 | BAD (755) | | lifeboat-system/rclone/ | drwxr-xr-x | 700 | BAD (755) | | lifeboat-system/signal-data/ | drwxr-xr-x | 700 | BAD (755) | | All credential FILES inside | -rw------- | 600 | OK |

Summary Table

| ID | Finding | Severity | Trend | Accepted? | |----|---------|----------|-------|-----------| | SG-001 | Lifeboat-system creds in workspace | 7 | unchanged (5th) | No | | SG-002 | Cloudflare tunnel (4 routes) | 5 | unchanged | Partial | | SG-003 | Chrome Remote Desktop | 3 | unchanged | Yes | | SG-004 | signal-cli HTTP no auth | 5 | unchanged | No | | SG-005 | Proton sentry DSN in ps | 2 | unchanged | No | | SG-006 | Test password in fixture | 1 | unchanged | No | | SG-007 | Brave remote debug port | 2 | unchanged | No | | SG-008 | Ollama local LLM server | 1 | NEW | No |
No findings rated 9-10. No Signal alert required.

INNOVATIONS

RESEARCHER

Researcher Report — 2026-03-13

Phase 1: Tech Research

EAT (queued to fridge)

HOLD (notable but not fridged)

Phase 2: PaperTrader Experiments

Phase 2 Errors

Phase 3: Optimization Analysis

Session Model Usage (49 sessions, last 7d)

Researcher Budget History

Cost Optimization Opportunities

Budget Summary

AUTO AUDIT RESULTS