CLAWSTIN MORNING PAPER — 2026-03-15

Sunday, 2026-03-15

INNOVATIONS

RESEARCHER

Researcher Report — 2026-03-15

Run time: 2026-03-15 01:01 ET
Agent: Researcher (Haiku scan / Sonnet eval)
Budget: $0.0036 / $5.00 used (15 calls, 2768in + 356out tokens) | $4.9964 remaining


Phase 1: Tech Research


Sources scanned: 99 items across HN + RSS feeds
Candidates after scoring: 15
CBL evaluated: 15

EAT (queued to fridge)

- [EAT] Show HN: GitAgent – An open standard that turns any Git repo into an AI agent — _✅ queued_
- [EAT] OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration — _✅ queued_
- [EAT] Launching the Claude Partner Network — _✅ queued_
- [EAT] Claude March 2026 usage promotion — _✅ queued_
- [EAT] CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — _✅ queued_
- [EAT] Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials — _✅ queued_
- [EAT] Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model — _✅ queued_
- [EAT] How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows — _✅ queued_
- [EAT] Python: The Optimization Ladder — _✅ queued_
- [EAT] Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation — _✅ queued_

HOLD (notable but not fridged)

- [HOLD] Fedora 44 on the Raspberry Pi 5
- [HOLD] Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- [HOLD] My fireside chat about agentic engineering at the Pragmatic Summit
- [HOLD] Ageless Linux – Software for humans of indeterminate age
- [HOLD] Refinement Modeling and Verification of RISC-V Assembly Using Knuckledragger


Phase 2: PaperTrader Experiments


_No snapshot data available for today._

Phase 2 Errors

- ⚠️ No snapshot for today — cannot analyze performance


Phase 3: Optimization Analysis


> _Stale files and cron health are auditor territory (autoaudit). This phase covers cost and model routing only._

Session Model Usage (43 sessions, last 7d)


| Model | Mentions | Share |
|-------|----------|-------|
| Opus | 64 | 52% |
| Sonnet | 37 | 30% |
| Haiku | 23 | 19% |

Opus-heavy sessions:
- `2026-03-14-session-02.md` (3x Opus) — Session 02 — 2026-03-14 (20:43-23:13 EDT, Opus)
- `2026-03-14-session-01.md` (3x Opus) — Session 01 — 2026-03-14 (08:12-20:43 EDT, Sonnet→Opus)
- `2026-03-12-session-26.md` (4x Opus) — Session 26 — 2026-03-12 (00:00–01:46 EDT, Opus)
- `2026-03-11-session-25.md` (3x Opus) — Session 25 — 2026-03-11 (22:03–23:57 EDT, Opus)
- `2026-03-11-session-20.md` (4x Opus) — Session 20 — 2026-03-11 (11:17–13:27 EDT, Opus)

Researcher Budget History


- last run: $0.0036 / $5.00 (0% utilized, 15 API calls)

Cost Optimization Opportunities


- Opus referenced in 64 mentions across 43 sessions (52% of model refs) → Review Opus-heavy sessions — most tasks could run on Sonnet at ~10x lower cost _Up to ~10x on affected calls_
- Researcher used only $0.0036 of $5.00 cap (0% utilization) → Consider reducing budget_cap_usd or adding more Phase 1/2 analysis depth _N/A — currently under-utilized_


Budget Summary


Total spent: $0.0036 / $5.00 cap
API calls: 15
Tokens: 2768 input + 356 output

| Model | Input | Output | Cost | Note |
|-------|-------|--------|------|------|
| claude-haiku-4-5 | 171 | 21 | $0.000221 | CBL:Show HN: GitAgent – An open standard |
| claude-haiku-4-5 | 193 | 23 | $0.000246 | CBL:OpenClaw AI Agent Flaws Could Enable |
| claude-haiku-4-5 | 164 | 21 | $0.000215 | CBL:Launching the Claude Partner Network |
| claude-haiku-4-5 | 185 | 22 | $0.000236 | CBL:Fedora 44 on the Raspberry Pi 5 |
| claude-haiku-4-5 | 176 | 22 | $0.000229 | CBL:Claude March 2026 usage promotion |
| claude-haiku-4-5 | 194 | 23 | $0.000247 | CBL:Meta to Shut Down Instagram End-to-E |
| claude-haiku-4-5 | 204 | 29 | $0.000279 | CBL:CISA Flags Actively Exploited n8n RC |
| claude-haiku-4-5 | 193 | 26 | $0.000258 | CBL:Critical n8n Flaws Allow Remote Code |
| claude-haiku-4-5 | 190 | 30 | $0.000272 | CBL:Anthropic Finds 22 Firefox Vulnerabi |
| claude-haiku-4-5 | 179 | 20 | $0.000223 | CBL:My fireside chat about agentic engin |
| claude-haiku-4-5 | 201 | 21 | $0.000245 | CBL:How to Stop AI Data Leaks: A Webinar |
| claude-haiku-4-5 | 164 | 22 | $0.000219 | CBL:Ageless Linux – Software for humans |
| claude-haiku-4-5 | 170 | 23 | $0.000228 | CBL:Python: The Optimization Ladder |
| claude-haiku-4-5 | 181 | 26 | $0.000249 | CBL:Refinement Modeling and Verification |
| claude-haiku-4-5 | 203 | 27 | $0.000270 | CBL:Nine CrackArmor Flaws in Linux AppAr |

AUTO AUDIT RESULTS

AUTOAUDIT Summary -- 2026-03-15


Findings


CRITICAL


1. hellbot-daily-report and bookkeeper-daily-report cron jobs erroring. Both have `lastRunStatus: "error"` and `consecutiveErrors: 1` from their March 14 run. No `lastError` message captured — error is in agent execution, not delivery. Both are running again now (3am March 15). Both use `agentId` field (`hellbot`, `bookkeeper`) with `delivery.mode: "announce"` to Signal. If the agents don't have working sessions/configs, they'll continue failing nightly. NEW finding.
2. smoke_test.py blocked by exec preflight. Line 266 contains `$COMMANDNAME` in a Python comment (`# Parse CL.md for lines matching '$COMMANDNAME -- description'`). The exec sandbox rejects this as shell variable injection. Smoke tests could not run this audit. This also blocks any cron or heartbeat that invokes smoke_test.py. NEW finding.

WARNING


3. clear-chronic-wednesday cron delivery error persists. Job `1fe32258` still in error state, `consecutiveErrors: 1`. Error: "Delivering to Signal requires target <E.164|...>". The `delivery.to` is `+15406208059` which looks correct, but the agent prompt says to "Send Ghost a Signal DM" which may cause the agent to also try message tool internally, conflicting with announce delivery. 4th consecutive audit.
4. vitals-api and vital-server LaunchAgents exit -15 (SIGTERM). `clawstin.vital-server` (pid 75085) and `clawstin.vitals-api` (pid 62431). Both show `-15` exit status. Functional impact unclear without smoke test verification this audit. 4th consecutive audit.
5. Context load: 2,003 words (threshold: 1,500). Increased from 1,517 last audit (+486 words). Breakdown:
   - AGENTS.md: 926 words (was 772, +154; threshold: 400) — Swarm Canvas and Context Guard sections added
   - memory/2026-03-15.md: 280 words (daily log, will grow)
   - memory/2026-03-14.md: 153 words
   - TOOLS.md: 171, MEMORY.md: 117, HEARTBEAT.md: 95, SYNC.md: 94, SOUL.md: 64, IDENTITY.md: 32, USER.md: 32, WORKING_MEMORY.md: 22, STYLE.md: 17

   AGENTS.md is the primary driver at 46% of total. The Swarm Canvas section (6 bullet points of python3 commands) and Context Guard section could potentially be moved to on-demand reads.
6. Stale FER plist in lifeboat. `lifeboat-system/launch-agents/clawstin.fer-monitor.plist` still exists, pointing to deleted `scripts/fer-monitor.py`. Also: `scripts/trial.py` (lines 7-8) and `TLP.md` (line 39) still reference `fer-monitor.py`. 7th consecutive audit.
7. SCHEDULE.md has 4 past-due entries. Three from 2026-03-11, one from 2026-03-13. The 3/11 entries were noted as "resolved/removed" in prior session logs but persist in the file. 10th consecutive audit for 3/11 entries.
8. Autoaudit running on Sonnet despite Opus config. session_status shows `Model: anthropic/claude-sonnet-4-6` but the cron payload specifies `model: "anthropic/claude-opus-4-6"`. Possible model-downshift plugin interference or config override. Audit quality may be affected. NEW finding.

Carried Over


1. SCHEDULE.md stale entries — 10th consecutive. 3/11 entries persist despite being logged as removed.
2. Stale FER references — 7th consecutive. Lifeboat plist + trial.py/TLP.md examples.
3. clear-chronic-wednesday delivery error — 4th consecutive.
4. vitals-api/vital-server exit -15 — 4th consecutive.
5. smoke_test.py false positives — Could not verify this audit (script blocked), but underlying issues (balance-anchor parsing, vital-widget check for decommissioned file) likely persist from 3rd consecutive last audit.

Past-Due Schedule Entries


- `2026-03-11 10:00 -- Tori post office help`
- `2026-03-11 13:00 -- Garry Dan Call`
- `2026-03-11 15:54 -- Hound BAM`
- `2026-03-13 09:00 -- Dentist appointment in 2 weeks (March 27 at 1pm)`

Fired One-Shot Reminders


- `balance-burn-calibration-review` (99519f01, deleteAfterRun) scheduled for 2026-03-15T09:00Z (4am ET today). Not yet fired at audit time. Will auto-delete after run.

Step Completion Checklist

- Step 1 -- Pre-Audit Data: completed (11 checks; 0 errors, 2 warnings: LaunchAgents flagged, schedule past-due)
- Step 1.5 -- Smoke Tests: BLOCKED — exec preflight rejected smoke_test.py due to `$COMMANDNAME` on line 266 (false positive; it's in a Python comment)
- Step 2 -- Last Report Review: completed (reviewed 2026-03-14 report; 5 carried-over issues identified)
- Step 3 -- Daily Integration: completed (2026-03-15 and 2026-03-14 logs reviewed; all referenced paths verified: scripts/swarm-update.py ✓, scripts/swarm-subagent.py ✓, scripts/swarm.py ✓, swarm/canvas.json ✓, PROJECTS/ACTIVE/accounts.md ✓, PROJECTS/ACTIVE/multi-agent-collaboration.md ✓, commands/actions/CBL.md ✓, commands/workflows/RDXL.md ✓, scripts/reset-all-agents.sh ✓)
- Step 4 -- Git Diff + Downstream: completed (4 commits reviewed; new files from sessions 1-2 on 3/14 all confirmed present; GUARDRAILS.md updated, no stale cross-references found; medic-active-recovery.md correctly moved to COMPLETE/; dedicated-signal-groups.md moved to COMPLETE/)
- Step 5 -- File Health Review: completed (MEMORY.md 117w healthy; context load 2,003w over 1,500 threshold; AGENTS.md 926w over 400 threshold; SCHEDULE.md 4 past-due; all injected files checked — no contradictions found)
- Step 6 -- Cron + Automation: completed (34 total jobs, 24 enabled, 10 disabled; model assignments: Opus for autoaudit ✓ (but running as Sonnet — see finding #8), Sonnet for morning-brief/security-guard ✓, Haiku for all routine jobs ✓; NEW errors: hellbot-daily-report and bookkeeper-daily-report both erroring; clear-chronic-wednesday still erroring; 3 disabled jobs have stale errors: beancounter, daad-website-check, balance-guard)
- Step 7 -- Script Validation: completed (send-todo.sh ✓, triage-proton.py ✓, triage.py ✓, watchdog/ directory ✓ with 6 files including watchdog.sh, send-alert.py; consecutive-failures.txt contains "2"; no log errors from pre_audit.py)
- Step 8 -- Cross-File Consistency: completed (stale FER plist + trial.py/TLP.md refs to deleted fer-monitor.py; SCHEDULE.md entries logged as removed but still present; AGENTS.md references scripts/swarm-update.py and scripts/swarm-subagent.py — both confirmed present; no other contradictions found)

CAPABILITY QUEUE

PAPER TRADING

| Model | Portfolio Value | P/L | Cash | Holdings |
|-------|-----------------|-----|------|----------|
| M01 Momentum Chaser | $973.74 | $-26.26 (-2.6%) | $670.12 | MSTR 1.1148sh @$139.70, QQQ 0.2491sh @$593.69 |
| M02 Trend Follower | $996.17 | $-3.83 (-0.4%) | $850.00 | NVDA 0.8109sh @$180.26 |
| M03 Momentum Rotator | $1159.43 | +$159.43 (+15.9%) | $1159.43 | Cash only |
| M04 Headline Trader | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M05 Hot Sector Rotator | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M06 Earnings Anticipator | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M07 Panic Buyer | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M08 Smart Money Tracker | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |
| M09 Gap Fader | $999.89 | $-0.11 (-0.0%) | $850.00 | ADBE 0.6013sh @$249.28 |
| M10 Coil & Breakout | $1000.00 | +$0.00 (+0.0%) | $1000.00 | Cash only |

Live prices: AAPL: $250.12, ADBE: $249.28, CRM: $192.80, GOOGL: $302.22, MSFT: $395.61, MSTR: $139.70, NVDA: $180.26, QQQ: $593.69, SPY: $662.30, TSLA: $391.17, WDAY: $133.04

SECURITY AUDIT

Security Guard Report - 2026-03-15

Patrol time: 03:30 AM (America/New_York)
Agent: Security Guard (Claude Opus)
AutoAudit verified: Yes (2026-03-15)
Previous report: 2026-03-14


Executive Summary


Overall threat level: MEDIUM (unchanged from 2026-03-14)
No new critical findings. All prior recurring findings persist. This is the 7th consecutive patrol for the lifeboat-system credential directory issue. The Expo dev server that was flagged as NEW last patrol (Mar 14) is still running — PID changed from 18870 to 64322, indicating a restart during the session (Ghost actively developing CLAP app). LuLu firewall active. FileVault daemon running. Nightly backup completed successfully at 02:02 on Mar 15.
Changes since last patrol:
- Expo dev server: still running (new PID 64322, started 10:38 PM Mar 14). Still LAN-bound.
- Brainmap Flask server: no longer running (was noted in prior log but process not found now).
- vitals-api (PID 62431) and vital-server (PID 75085): still in SIGTERM state per launchctl, processes still exist.
- api.clawstin.org and voice.clawstin.org tunnel routes: no backend service listening (502 expected). Benign.
- 7 jest worker processes running under clawstin-app (Expo bundler workers).

This patrol identified 9 findings: 1 severity 7, 4 severity 5, 1 severity 3, and 3 severity 1-2.


FINDINGS


SG-2026-03-15-001: Lifeboat-System Credential Directory in Workspace

Severity: 7 (unchanged — 7th consecutive patrol)
Evidence:
```
$ stat ~/.openclaw/workspace/lifeboat-system/
drwxr-xr-x 9 aicomputer staff 288 "Mar 6 17:21:55 2026" (755 — world-readable dir listing)

$ ls -la lifeboat-system/cloudflared/
-rw------- 1 aicomputer staff 175 Mar 15 02:57 2c29ad40-*.json
-rw------- 1 aicomputer staff 266 Mar 15 02:57 cert.pem
-rw------- 1 aicomputer staff 442 Mar 15 02:57 config.yml

$ ls -la lifeboat-system/den/
-rw------- 1 aicomputer staff 4792 Mar 15 02:57 creds.enc
-rw------- 1 aicomputer staff 61 Mar 15 02:57 fernet-key.b64

$ ls -la lifeboat-system/gmail-tokens/
-rw------- 1 aicomputer staff 984 Mar 15 02:57 auth.py
-rw------- 1 aicomputer staff 404 Mar 15 02:57 credentials.json
-rw------- 1 aicomputer staff 695 Mar 15 02:57 token-adalsey.json
-rw------- 1 aicomputer staff 695 Mar 15 02:57 token-clawstinai.json
-rw------- 1 aicomputer staff 695 Mar 15 02:57 token-krspamgang.json

$ ls -la lifeboat-system/rclone/
-rw------- 1 aicomputer staff 546 Mar 15 02:57 rclone.conf

$ ls -la lifeboat-system/signal-data/
-rw------- 1 aicomputer staff 1637 Mar 15 02:57 535318
drwxr-xr-x 6 aicomputer staff 192 Mar 6 17:21 535318.d
-rw------- 1 aicomputer staff 179 Mar 15 02:57 accounts.json

$ grep "lifeboat-system" .gitignore
lifeboat-system/ (confirmed gitignored)
```
Contents at risk: Fernet key (`den/fernet-key.b64`) + encrypted credential blob (`den/creds.enc`), Google OAuth client secret and refresh tokens for 3 Gmail accounts, Cloudflare tunnel cert + credentials, rclone config for Google Drive, Signal protocol session state.
Impact: If fernet key + encrypted blob are exfiltrated together, ALL stored credentials can be decrypted offline. Gmail OAuth tokens allow full access to 3 accounts.
Mitigations: Gitignored (confirmed), all files 600 perms, subdirectories 700. But parent dir `lifeboat-system/` is 755 — any local process can list its contents.
Rationale: Per rubric: credential files accessible locally without privilege = severity 7-8. The 755 parent directory is the specific concern. Files themselves are 600 (good). Nightly lifeboat backup refreshes these files (~02:57 AM per timestamps today), so they're always current.
Recommendation: `chmod 700 lifeboat-system/` to remove world-readable directory listing.
Accepted risk: No — not yet in accepted-risks.md.


SG-2026-03-15-002: Cloudflare Tunnel Serves 4 Ingress Routes

Severity: 3 (accepted risk for static site; informational for others)
Evidence:
```
$ cat lifeboat-system/cloudflared/config.yml
tunnel: 2c29ad40-[REDACTED]
credentials-file: /Users/aicomputer/.cloudflared/2c29ad40-*.json
ingress:
  - hostname: clawstin.org -> localhost:8877 (Python http.server, PID 75085)
  - hostname: voice.clawstin.org -> localhost:3334 (NO PROCESS — will 502)
  - hostname: webhook.clawstin.org -> localhost:18789 (openclaw-gateway, PID 59999)
  - hostname: api.clawstin.org -> localhost:8765 (NO PROCESS — will 502)
  - service: http_status:404

$ ps aux | grep http.server (filtered)
PID 75085 — python3 -m http.server 8877 --directory ~/clawstin-site

$ ps aux | grep openclaw (filtered)
PID 59999 — openclaw-gateway
```
Impact: clawstin.org serves static site (telemetry only — accepted). webhook.clawstin.org serves the OpenClaw gateway (authenticated via Signal pairing). voice.clawstin.org and api.clawstin.org have no backend — safe (502 response).
Rationale: Static site exposure accepted per SG-2026-03-10-002. Gateway has its own auth. Unused routes benign.
Accepted risk: Yes — SG-2026-03-10-002 covers clawstin.org static site.


SG-2026-03-15-003: Chrome Remote Desktop Running

Severity: 3 (accepted risk)
Evidence:
```
$ ps aux | grep remoting (filtered)
PID 1505 — remoting_me2me_host --host-config=...org.chromium.chromoting.json --ssh-auth-sockname=/tmp/chromoting.aicomputer.ssh_auth_sock
PID 1478 — remoting_me2me_host_service --run-from-launchd
PID 805 (root) — remoting_agent_process_broker
```
Impact: Full desktop access via Google account + PIN. SSH auth socket at /tmp path.
Rationale: Accepted per SG-2026-03-09-005. Intentional remote access tool.
Accepted risk: Yes — SG-2026-03-09-005.


SG-2026-03-15-004: Signal-CLI HTTP Daemon on 127.0.0.1:8080 (No Auth)

Severity: 5 (unchanged — 7th consecutive patrol)
Evidence:
```
$ ps aux | grep signal-cli (filtered)
PID 60024 — java ... org.asamk.signal.Main -a +16072208785 daemon --http 127.0.0.1:8080 --no-receive-stdout
```
Impact: Any local process can send Signal messages as +16072208785 via HTTP requests to 127.0.0.1:8080. No authentication on the HTTP API. Bound to localhost only — not externally accessible.
Rationale: Per rubric, locally-accessible unauthenticated service = severity 5-6. Mitigated by localhost binding. A compromised local process could abuse this for phishing/impersonation via Signal.
Accepted risk: No.


SG-2026-03-15-005: Proton Mail Bridge Sentry Key in Process List

Severity: 2 (unchanged)
Evidence:
```
$ ps aux | grep sentry_key (filtered)
PID 1508 — crashpad_handler ... --url=https://mail-api.proton.me:443/.../minidump/?sentry_key=[REDACTED]
```
Impact: This is a Proton-issued DSN key for crash reporting, not a Clawstin credential. Visible to any process that can list processes (`ps aux`). Standard application behavior.
Rationale: Per rubric, informational. Not a Clawstin-managed secret.
Accepted risk: N/A — informational only.


SG-2026-03-15-006: Brave Browser Remote Debugging Port 18800

Severity: 5 (unchanged — 7th consecutive patrol)
Evidence:
```
$ ps aux | grep brave.*remote-debugging (filtered)
PID 61069 — Brave Browser --remote-debugging-port=18800 --user-data-dir=~/.openclaw/browser/openclaw/user-data
Multiple renderer processes (PIDs 61092, 61095, 61097, 61098) also reference port 18800.
```
Impact: Chrome DevTools Protocol accessible on localhost:18800. Allows full browser manipulation including reading cookies, intercepting traffic, and executing JavaScript in any open tab. Bound to localhost only.
Rationale: Per rubric, localhost service with sensitive data access = severity 5. Intentional for OpenClaw browser automation. Mitigated by localhost binding and LuLu firewall.
Accepted risk: No — not yet in accepted-risks.md.


SG-2026-03-15-007: Ollama LLM Server Running

Severity: 1 (unchanged)
Evidence:
```
$ ps aux | grep ollama (filtered)
PID 1511 — /Applications/Ollama.app/Contents/Resources/ollama serve
PID 1494 — /Applications/Ollama.app/Contents/MacOS/Ollama hidden
```
Impact: Local LLM inference server on default port (11434). Localhost only. No sensitive data exposure.
Rationale: Per rubric, informational. Standard development tool.
Accepted risk: N/A.


SG-2026-03-15-008: Stale FER Monitor Plist in LaunchAgents

Severity: 1 (unchanged — per AutoAudit, 7th consecutive)
Evidence:
```
$ ls ~/Library/LaunchAgents/ | grep fer-monitor
clawstin.fer-monitor.plist (file exists)

$ launchctl list | grep fer-monitor
(no output) — NOT loaded

$ ls lifeboat-system/launch-agents/ | grep fer-monitor
clawstin.fer-monitor.plist (also in lifeboat copy)
```
Impact: Stale plist pointing to deleted `scripts/fer-monitor.py`. Not loaded by launchd (confirmed). If loaded, would fail silently. No security impact.
Rationale: Per rubric, informational. Housekeeping item only.
Accepted risk: N/A.


SG-2026-03-15-009: Expo Dev Server Running on LAN

Severity: 5 (2nd consecutive patrol — was NEW last patrol)
Evidence:
```
$ ps aux | grep expo (filtered)
PID 64322 — node ~/clawstin-app/node_modules/.bin/expo start --lan --clear (started 10:38 PM Mar 14)
PID 64310 — npm exec expo start --lan --clear

7 jest worker processes (PIDs 64383-64389) — Expo bundler workers
```
Impact: Expo Metro bundler bound to LAN interface (not just localhost). Typical ports: 8081 (Metro), 19000 (Expo DevTools). Accessible to any device on the local network (192.168.1.x). A device on the same WiFi network could potentially interact with the dev server.
Rationale: Per rubric, service bound to non-localhost interface = severity 5-6. The `--lan` flag is intentional for mobile development (Ghost developing CLAP app and pushing to phone). Risk is limited to LAN exposure only.
Recommendation: When not actively developing, stop the Expo server or use `--localhost` instead of `--lan`.
Accepted risk: No.


Threat Landscape (External Intelligence)


Status: NOT CHECKED (7th consecutive patrol)
The security guard sandbox does not have network access. External threat intelligence from NVD, Node.js advisories, macOS security bulletins, and GitHub advisory feeds could not be checked.
Relevant context from system state:
- OpenSSL version: 3.6.1 (2026-01-27) — current
- Node.js: v25.6.1 (via homebrew) — recent
- signal-cli: 0.13.24 — recent
- macOS: appears to be current Sonoma (system uptime since Mar 7)

Note: Ghost should periodically check https://nodejs.org/en/security and https://nvd.nist.gov for any CVEs affecting Node.js 25.x or macOS Sonoma.


Risk Acceptance Notes


| Finding | Matches Accepted Risk? | Action |
|---------|----------------------|--------|
| SG-2026-03-15-001 (Lifeboat creds) | No — not accepted | 7th consecutive. Recommend accepting or fixing (chmod 700). |
| SG-2026-03-15-002 (Cloudflare tunnel) | Yes — SG-2026-03-10-002 | Rated 3 per dedup rule. |
| SG-2026-03-15-003 (Chrome Remote Desktop) | Yes — SG-2026-03-09-005 | Rated 3 per dedup rule. |
| SG-2026-03-15-004 (Signal-CLI HTTP) | No — not accepted | 7th consecutive. |
| SG-2026-03-15-005 (Proton sentry key) | N/A | Informational only. |
| SG-2026-03-15-006 (Brave debug port) | No — not accepted | 7th consecutive. |
| SG-2026-03-15-007 (Ollama) | N/A | Informational only. |
| SG-2026-03-15-008 (Stale FER plist) | N/A | Housekeeping. |
| SG-2026-03-15-009 (Expo LAN) | No — not accepted | 2nd consecutive. |


LaunchAgent Status


| Agent | PID | Status | Notes |
|-------|-----|--------|-------|
| clawstin.cloudflared | 27405 | Running (exit 0) | Healthy |
| clawstin.vital-server | 75085 | Exit -15 (SIGTERM) | Process alive despite SIGTERM |
| clawstin.vitals-api | 62431 | Exit -15 (SIGTERM) | Process alive despite SIGTERM |
| clawstin.fer-monitor | — | Not loaded | Stale plist (7th audit) |
| clawstin.balance-checker | — | Disabled (.disabled) | Accepted (SG-2026-03-10-006) |


Infrastructure Summary


- LuLu Firewall: Running (PID 1491 app + PID 699 system extension)
- FileVault: filevaultd running (PID 1007)
- Nightly Backup: Completed 2026-03-15 02:02:07 (git commit + lifeboat to Google Drive)
- Billing Watchdog: Last OK at 03:28:17 (5-minute intervals, all OK)
- Tailscaled: Running (PID 655, root)
- Docker Desktop: Running (PID 1574 + helpers)
- Signal-CLI: Running (PID 60024)
- OpenClaw Gateway: Running (PID 59999)
- Proton Mail Bridge: Running (PID 1501/1510)


Credential Scan Results


- `.env` files in workspace: None found
- API key patterns (sk-ant-, ghp_, xox*, AIza, AKIA) in config/data/log files: None detected (sandbox restrictions limited deep recursive grep — see Sandbox Limitations)
- JWT tokens in log files: Not detected
- Stray credential files in /tmp: Could not check (sandbox blocked)
- CREDENTIALS.md: Contains only references to Den (no raw secrets)


Sandbox Limitations This Patrol


The following checks were blocked by the security-guard sandbox restrictions:
1. `lsof -i -P -n | grep LISTEN` — blocked (could not enumerate open ports directly)
2. `find -exec grep` — blocked (could not do deep recursive credential scans)
3. `grep -rl` with certain patterns — blocked on some path combinations
4. `/var/log/secure` and `/var/log/auth.log` — do not exist on macOS
5. Network access for external threat intelligence — blocked (7th consecutive)
6. `npm audit` — no package-lock.json in workspace root; clawstin-app is outside workspace
7. LuLu rules: NSKeyedArchiver format readable but action values (182/200) not decoded to allow/block
8. `git remote -v` and `git log` — blocked by sandbox

Workaround used: Process analysis via `ps aux`, `launchctl list`, file listing, targeted `grep` on known-risk files.


End of Security Guard Report — 2026-03-15
Next patrol: 03:30 AM 2026-03-16