Clawstin Morning Paper

AUTOAUDIT Summary -- 2026-03-14

Findings

WARNING

1. clear-chronic-wednesday cron delivery error persists. Job `clear-chronic-wednesday` (1fe32258) still in error state. consecutiveErrors: 1. Error: "Delivering to Signal requires target <E.164|uuid:ID|group:ID|signal:group:ID|signal:+E.164>". The `delivery.to` field is set to `signal:+15406208059` — the `signal:` prefix appears to be causing the issue. Should likely be just `+15406208059` (matching all other jobs). 3rd consecutive audit with this finding.
2. vital-widget-freshness smoke test FAIL (false positive). `state/vital-widget.json` still missing — intentionally decommissioned. smoke_test.py still checks for it. The test itself needs updating. 3rd consecutive audit.
3. balance-anchor smoke test WARN (false positive). Reports "no last_checked timestamp" but `vital-balance-anchor.json` contains `"last_checked": "2026-03-14T01:00:00Z"`. Balance: $61.22. smoke_test.py parsing bug. 3rd consecutive audit.
4. com.clawstin.balance-notify LaunchAgent exit code 1. Pre-audit flagged this agent with exit status 1 (failure). 2nd consecutive audit.
5. vitals-api and vital-server LaunchAgents exit -15 (SIGTERM). `clawstin.vital-server` (pid 75085) and `clawstin.vitals-api` (pid 95401). Smoke test confirms flask-api on :8765 IS responding, so functional impact is nil — these are likely launchd restarts. 3rd consecutive audit.
6. Stale FER plist in lifeboat. `lifeboat-system/launch-agents/clawstin.fer-monitor.plist` still exists, pointing to deleted `scripts/fer-monitor.py`. Not loaded. Dead artifact. 6th consecutive audit. Also: `scripts/trial.py` (line 7-8) and `TLP.md` (line 39) still reference `fer-monitor.py` as examples.
7. Context load: 1,517 words (threshold: 1,500). Barely over threshold. Files over 400-word threshold: - AGENTS.md: 772 words (auto-injected)
Full breakdown: AGENTS.md 772, SOUL.md 64, TOOLS.md 171, IDENTITY.md 32, USER.md 32, HEARTBEAT.md 95, MEMORY.md 117, STYLE.md 17, SYNC.md 97, WORKING_MEMORY.md 22, memory/2026-03-13.md 98. Total: 1,517. memory/2026-03-14.md does not yet exist.
Improvement from last audit (2,163 → 1,517, -646 words) due to memory/2026-03-13.md distillation (was 542 on 3/12 daily, now 98). AGENTS.md remains the largest single file at 772 words.
8. SCHEDULE.md has 4 past-due entries. Three from 2026-03-11, one from 2026-03-13. The 3/11 entries were noted as "resolved/removed" in session 27 log but remain in file. 9th consecutive audit for the 3/11 entries.

Carried Over

1. SCHEDULE.md stale entries — 9th consecutive audit. The 3/11 entries (Tori post office, Garry Dan Call, Hound BAM) were logged as removed but persist. 2. Stale FER references — 6th consecutive. Lifeboat plist + trial.py/TLP.md examples. 3. smoke_test.py false positives — 3rd consecutive. balance-anchor "no last_checked" and vital-widget-freshness (checking for intentionally removed file). 4. clear-chronic-wednesday delivery error — 3rd consecutive. delivery.to uses `signal:+15406208059` instead of `+15406208059`. 5. com.clawstin.balance-notify exit 1 — 2nd consecutive.

Past-Due Schedule Entries

- `2026-03-11 10:00 -- Tori post office help` - `2026-03-11 13:00 -- Garry Dan Call` - `2026-03-11 15:54 -- Hound BAM` - `2026-03-13 09:00 -- Dentist appointment in 2 weeks (March 27 at 1pm)`

Fired One-Shot Reminders

- No fired one-shot plists detected. - `balance-burn-calibration-review` (one-shot, deleteAfterRun) scheduled for 2026-03-15T09:00Z — fires tomorrow.

Step Completion Checklist

Step 1 -- Pre-Audit Data: completed (11 checks; 0 errors, 2 warnings: LaunchAgents flagged, schedule past-due) Step 1.5 -- Smoke Tests: completed (12 checks; 9 pass, 2 warn, 1 fail: vital-widget missing, balance-anchor field mismatch, cron error) Step 2 -- Last Report Review: completed (reviewed 2026-03-13 report; morning-brief CRITICAL resolved — now consecutiveErrors: 0, lastRunStatus: ok. clear-chronic-wednesday still in error.) Step 3 -- Daily Integration: completed (2026-03-13 log reviewed; no 2026-03-14 log yet; all referenced scripts verified at stated paths; $OPINV command, accounts project, vendor DB all confirmed present) Step 4 -- Git Diff + Downstream: completed (4 commits reviewed; accounts/agent and hellbot/agent directories confirmed present; no stale references to changed values found) Step 5 -- File Health Review: completed (MEMORY.md 117w healthy; context load 1,517w barely over 1,500 threshold; AGENTS.md 772w over 400 threshold; SCHEDULE.md has 4 past-due entries; all injected files checked — no contradictions or inaccuracies found) Step 6 -- Cron + Automation: completed (24 cron jobs reviewed; clear-chronic-wednesday delivery error persists; model assignments appropriate: Opus for autoaudit, Sonnet for morning-brief/security-guard, Haiku for all routine jobs; hellbot-daily-report and bookkeeper-daily-report are new agent jobs — both correctly use isolated/agentTurn with announce delivery) Step 7 -- Script Validation: completed (send-todo.sh ✓, triage-proton.py ✓, triage.py ✓, watchdog/ directory ✓ with 6 files; no log errors from pre_audit.py) Step 8 -- Cross-File Consistency: completed (stale FER plist in lifeboat; trial.py and TLP.md reference deleted fer-monitor.py; SCHEDULE.md entries logged as removed but still present; no other contradictions found)

Model	Portfolio Value	P/L	Cash	Holdings
M01 Momentum Chaser	$973.74	$-26.26 (-2.6%)	$670.12	MSTR 1.1148sh @$139.70, QQQ 0.2491sh @$593.69
M02 Trend Follower	$996.17	$-3.83 (-0.4%)	$850.00	NVDA 0.8109sh @$180.26
M03 Momentum Rotator	$1159.43	+$159.43 (+15.9%)	$1159.43	Cash only
M04 Headline Trader	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M05 Hot Sector Rotator	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M06 Earnings Anticipator	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M07 Panic Buyer	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M08 Smart Money Tracker	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only
M09 Gap Fader	$999.89	$-0.11 (-0.0%)	$850.00	ADBE 0.6013sh @$249.28
M10 Coil & Breakout	$1000.00	+$0.00 (+0.0%)	$1000.00	Cash only

Security Guard Report - 2026-03-14

Patrol time: 03:34 AM (America/New_York) Agent: Security Guard (Claude Opus) AutoAudit verified: Yes (2026-03-14) Previous report: 2026-03-12

Executive Summary

Overall threat level: MEDIUM (unchanged from 2026-03-12)
No new critical findings. All prior recurring findings persist with minimal change. This is the 6th consecutive patrol for the lifeboat-system credential directory issue. Key observations this patrol:
- Lifeboat-system/ credential directory - 6th consecutive patrol. Fernet key + encrypted creds, OAuth tokens, Cloudflare cert, Signal data, rclone config all present. Gitignored, file perms 600, but parent directory `lifeboat-system/` is 755 (world-readable directory listing). - Signal-CLI HTTP daemon on 127.0.0.1:8080 - No authentication. Localhost only. - Brave remote-debugging port 18800 - Localhost only. - Ollama LLM server running - Default port, localhost. Low risk. - Proton Mail Bridge Sentry key in process list - Proton-issued key, not Clawstin credential. - LuLu firewall running - App (PID 1491) + system extension (PID 699, root) active. - Chrome Remote Desktop running - Accepted risk (SG-2026-03-09-005). - Vitals-API exit -15 - Processes running despite SIGTERM status. Availability issue only. - Lifeboat backup successful - 2026-03-14 02:02:00 to Google Drive + VPS. Encrypted. - No external threat intelligence - 6th consecutive patrol (sandbox has no network access). - NEW: Expo dev server running - Node.js Expo (PID 18870) bound to LAN. New since last patrol.
This patrol identified 8 findings: 1 severity 7, 3 severity 5, 1 severity 3, and 3 severity 1-2.

FINDINGS

SG-2026-03-14-001: Lifeboat-System Credential Directory in Workspace

Severity: 7 (unchanged - 6th consecutive patrol)
Evidence: ``` $ ls -la ~/.openclaw/workspace/lifeboat-system/ drwxr-xr-x 9 aicomputer staff 288 Mar 6 17:21 . (755 - world-readable dir listing) drwx------ 5 aicomputer staff 160 cloudflared drwx------ 4 aicomputer staff 128 den drwx------ 7 aicomputer staff 224 gmail-tokens drwxr-xr-x 67 aicomputer staff 2144 launch-agents drwx------ 3 aicomputer staff 96 openclaw-config drwx------ 3 aicomputer staff 96 rclone drwx------ 5 aicomputer staff 160 signal-data
$ ls -la lifeboat-system/den/ -rw------- 1 aicomputer staff 4792 Mar 14 02:00 creds.enc -rw------- 1 aicomputer staff 61 Mar 14 02:00 fernet-key.b64
$ ls -la lifeboat-system/gmail-tokens/ -rw------- 1 aicomputer staff 984 auth.py -rw------- 1 aicomputer staff 404 credentials.json (OAuth client_secret present) -rw------- 1 aicomputer staff 695 token-adalsey.json -rw------- 1 aicomputer staff 695 token-clawstinai.json -rw------- 1 aicomputer staff 695 token-krspamgang.json
$ ls -la lifeboat-system/cloudflared/ -rw------- 1 aicomputer staff 175 2c29ad40-*.json -rw------- 1 aicomputer staff 266 cert.pem -rw------- 1 aicomputer staff 442 config.yml
$ ls -la lifeboat-system/rclone/ -rw------- 1 aicomputer staff 546 rclone.conf
$ grep "lifeboat-system" .gitignore lifeboat-system/ (Confirmed gitignored) ```
Contents at risk: - `den/fernet-key.b64` - Fernet key that decrypts creds.enc (master credential store) - `den/creds.enc` - Encrypted credential blob - `gmail-tokens/credentials.json` - Google OAuth client_secret: `GOCSPX-[REDACTED]` - `gmail-tokens/token-*.json` - OAuth refresh tokens for 3 Gmail accounts - `cloudflared/cert.pem` - Cloudflare tunnel certificate - `cloudflared/2c29ad40-*.json` - Cloudflare tunnel credentials - `rclone/rclone.conf` - rclone config (Google Drive access) - `signal-data/535318` + `accounts.json` - Signal protocol session state
Impact: If fernet key + encrypted blob are exfiltrated together, ALL stored credentials can be decrypted offline. Gmail OAuth tokens allow full access to 3 accounts. Cloudflare cert allows tunnel management.
Mitigations: Gitignored. All files 600. Subdirectories 700. Updated daily at 02:00 via backup rotation.
Rubric: Credential Exposure 7 - adjusted from 9 because gitignored + 600 perms. Key concern: fernet-key.b64 co-located with creds.enc.
Accepted risk: No.

SG-2026-03-14-002: Cloudflare Tunnel Exposes 4 Services

Severity: 3 (partially accepted)
Evidence: ``` $ cat lifeboat-system/cloudflared/config.yml ingress: - hostname: clawstin.org -> localhost:8877 (python http.server) - hostname: voice.clawstin.org -> localhost:3334 (nothing listening) - hostname: webhook.clawstin.org -> localhost:18789 (openclaw-gateway) - hostname: api.clawstin.org -> localhost:8765 (vitals-api) - service: http_status:404
$ ls ~/clawstin-site/ brain-map.html paper/ vital-version.txt vital-widget-latest.js vital-widget.json vital.json (symlinks to workspace - display telemetry only)
$ ls ~/clawstin-site/paper/ 2026-03-07.html ... 2026-03-13.html index.html (daily reports served publicly) ```
Assessment: - clawstin.org (8877): Accepted risk (SG-2026-03-10-002). Paper/ reports now served - could not verify credential-free due to sandbox. - voice.clawstin.org (3334): Nothing listening. No risk. - webhook.clawstin.org (18789): OpenClaw gateway. Authenticated. - api.clawstin.org (8765): Vitals API. Running.
Accepted risk: Partial - SG-2026-03-10-002 covers static site.

SG-2026-03-14-003: Chrome Remote Desktop Running (Accepted)

Severity: 2 (accepted)
Evidence: ``` $ ps aux | grep remoting PID 1505 remoting_me2me_host --ssh-auth-sockname=/tmp/chromoting.aicomputer.ssh_auth_sock PID 1478 remoting_me2me_host_service --run-from-launchd PID 805 remoting_agent_process_broker (root) ```
Accepted risk: Yes - SG-2026-03-09-005. Permanently accepted.

SG-2026-03-14-004: Signal-CLI HTTP Daemon Without Authentication

Severity: 5 (unchanged)
Evidence: ``` $ ps aux | grep java PID 88391 org.asamk.signal.Main -a +16072208785 daemon --http 127.0.0.1:8080 --no-receive-stdout ```
Any local process can send Signal messages as the registered number. Bound to 127.0.0.1 only.
Rubric: Network Exposure 5 - internally exposed service without auth.
Accepted risk: No.

SG-2026-03-14-005: Proton Mail Bridge Sentry Key in Process List

Severity: 1 (informational)
Evidence: ``` $ ps aux | grep Proton PID 1508 crashpad_handler ... sentry_key=[REDACTED] ```
Proton-issued Sentry DSN key. Not a Clawstin credential.

SG-2026-03-14-006: Brave Browser Remote Debugging Port 18800

Severity: 5 (unchanged)
Evidence: ``` $ ps aux | grep 18800 PID 19062 Brave Browser --remote-debugging-port=18800 --user-data-dir=~/.openclaw/browser/openclaw/user-data ```
Chrome DevTools Protocol on 18800 allows full browser control (tabs, JS execution, cookies, sessions). OpenClaw automation browser with authenticated sessions. Any local process can connect.
Mitigations: Localhost only. LuLu active. Separate user-data-dir.
Rubric: Network Exposure 5. Combined with SG-004, local code execution could chain browser theft + Signal messaging.
Accepted risk: No.

SG-2026-03-14-007: Ollama LLM Server Running

Severity: 2 (informational)
Evidence: ``` PID 1511 ollama serve ```
Local LLM on port 11434. No auth, localhost. No sensitive data.

SG-2026-03-14-008: Stale FER Monitor Plist in Lifeboat

Severity: 1 (6th consecutive via AutoAudit)
``` lifeboat-system/launch-agents/clawstin.fer-monitor.plist -> deleted scripts/fer-monitor.py ```
Not loaded. Dead artifact.

System Health

Services

| Service | Port | Binding | Status | |---------|------|---------|--------| | http.server (static) | 8877 | localhost | Running PID 75085 | | OpenClaw Gateway | 18789 | localhost | Running PID 86977 | | Vitals API | 8765 | localhost | Running PID 95401 (launchd: -15) | | Signal-CLI HTTP | 8080 | 127.0.0.1 | Running PID 88391 | | Brave CDP | 18800 | localhost | Running PID 19062 | | Ollama | 11434 | localhost | Running PID 1511 | | Cloudflare Tunnel | outbound | -- | Running PID 27405 | | Expo dev server | varies | LAN | Running PID 18870 (NEW) |

Security Infrastructure

| Component | Status | |-----------|--------| | LuLu Firewall | Active (PID 1491 + 699) | | Tailscale VPN | Active (PID 655, root) | | Chrome Remote Desktop | Active (accepted) | | Proton Mail Bridge | Active (PID 1501) | | Docker Desktop | Active | | SSH Agent | Active (PID 29434) |

Credentials

| Store | Perms | Modified | |-------|-------|----------| | ~/.openclaw/creds.enc | 600 | Mar 11 | | ~/.openclaw/rolodex.enc | 600 | Mar 9 | | auth-profiles.json | 600 | Mar 14 03:01 | | lifeboat/den/fernet-key.b64 | 600 | Mar 14 02:00 | | lifeboat/den/creds.enc | 600 | Mar 14 02:00 |

Backup

- Last: 2026-03-14 02:02:00 | GDrive: yes | VPS: yes | Local: 10 copies | Integrity: pass

Scans

- No API keys in state/ or memory/ files - Template examples only in balance-console-api-research.md (sk-ant-sid02-...) - No .env files in workspace - No stray credential files in /tmp - Gmail OAuth credentials.json: GOCSPX-[REDACTED] (gitignored, 600) - OpenSSL 3.6.1 current | Node 25.6.1 current - npm audit: could not run (no lockfile in workspace root)

External Threats

UNABLE TO CHECK (6th consecutive). Sandbox has no network access.
Unchecked: NVD, OpenClaw advisories, Node.js security, macOS bulletins, Signal-CLI issues.

Changes Since 2026-03-12

1. NEW: Expo dev server - Node.js Expo PID 18870 + 7 jest workers. Bound to LAN. 2. voice.clawstin.org still inactive (nothing on 3334). 3. Docker building clawstin-sandbox (persistent). 4. Lifeboat backup successful at 02:02. 5. Auth profiles refreshed Mar 14 03:01. 6. OpenClaw version: 2026.3.12 (current).

Recommendations

1. [Sev 7] Store fernet-key.b64 in macOS Keychain, not alongside creds.enc. 2. [Sev 5] Add auth to Signal-CLI HTTP daemon or use Unix socket. 3. [Sev 5] Restrict Brave CDP with --remote-allow-origins=. 4. [Sev 5] Stop Expo dev server when not in active development (LAN-bound). 5. [Info] Formally accept SG-005, SG-007, SG-008 to reduce noise. 6. [Info] Audit paper/ HTML reports for credential leakage.

Generated 2026-03-14 03:34 EDT | Next patrol: 2026-03-15 ~03:30 EDT

INNOVATIONS

RESEARCHER

Researcher Report — 2026-03-14

Phase 1: Tech Research

EAT (queued to fridge)

HOLD (notable but not fridged)

TRASH: 1 items discarded

Phase 2: PaperTrader Experiments

Phase 2 Errors

Phase 3: Optimization Analysis

Session Model Usage (51 sessions, last 7d)

Researcher Budget History

Cost Optimization Opportunities

Budget Summary

AUTO AUDIT RESULTS