chore(security): quarantine stale acpx.bak and clear audit findings

zap
2026-03-05 21:42:04 +00:00
parent b76815b4da
commit 3c898aafd1
3 changed files with 9 additions and 6 deletions

@@ -54,3 +54,5 @@
- Critical: plugin `acpx.bak` code-safety issue (dangerous exec pattern).
- Warnings: missing `plugins.allow` allowlist; extension tools reachable under permissive policy.
- Updated `memory/startup-health.json` + `memory/startup-health.md` to mark freshness restored and record findings.
- 2026-03-05T21:41Z: Quarantined stale extension folder `~/.openclaw/extensions/acpx.bak` to `~/.openclaw/extensions-quarantine/acpx.bak.20260305T214139Z` (no deletion).
- 2026-03-05T21:42Z: Re-ran `openclaw security audit --deep`: now 0 critical, 0 warn, 1 info.
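Review bot: The 21:42Z entry records 0 warn, but the only remediation logged in this hunk is the quarantine of `acpx.bak`, which accounts for the critical finding. The two warnings listed in the context line above (missing `plugins.allow` allowlist; extension tools reachable under permissive policy) have no recorded fix. Add a line stating what cleared them, for example whether `plugins.allow` was set or whether they only fire while an extension folder is present, so a later reader can tell a resolved posture from a finding that will come back with the next extension.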

@@ -1,6 +1,6 @@
{
"last_run_utc": "2026-03-05T21:36:00Z",
"status": "critical",
"last_run_utc": "2026-03-05T21:41:00Z",
"status": "ok",
"checks_passed": [
"core-workspace-files: AGENTS.md, SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md",
"skill-folders: all 7 required skills present",
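Review bot: `last_run_utc` is set to `2026-03-05T21:41:00Z`, but the re-audit that justifies `"status": "ok"` is logged at 21:42Z in the other two files of this commit, so the health record carries a timestamp that predates the audit result it reports. Set `last_run_utc` to the time of the post-quarantine audit, or add a separate field for the audit timestamp.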
@@ -10,12 +10,11 @@
"network-exposure: gateway local-only (127.0.0.1 / ::1 only)",
"backup-freshness: last backup ~4.1h ago (within 8h threshold)",
"update-status: no update available (current: 2026.3.2)",
"security-audit-freshness: deep audit run just now (age ~0h)"
"security-audit-freshness: deep audit run just now (age ~0h)",
"security-audit-status: 0 critical, 0 warn, 1 info after quarantining stale acpx.bak extension"
],
"checks_failed": [],
"warnings": [
"security-audit: latest deep audit reports 1 critical, 2 warn, 1 info (plugin posture)"
],
"warnings": [],
"gateway_exposure": "local-only",
"last_backup_age_hours": 4.1,
"last_security_audit_age_hours": 0.0,

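Review bot: In `checks_passed`, the new `security-audit-status` entry stores the finding counts and the remediation story as one free-text string, and `warnings` goes to `[]`, so the remaining 1 info finding is not identified anywhere in this file. Name the info finding or reference the audit output, and consider keeping the counts as structured fields next to `last_security_audit_age_hours` so a consumer does not have to parse prose to read the audit state.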
@@ -5,3 +5,5 @@
[2026-03-05T21:33:31Z] RESOLVED hooks-missing: `openclaw hooks` reports 5/5 ready (boot-md, bootstrap-extra-files, command-logger, model-skill-injector, session-memory).
[2026-03-05T21:36:00Z] RESOLVED security-audit-stale: ran `openclaw security audit --deep`; freshness restored.
[2026-03-05T21:36:00Z] CRITICAL security-audit-findings: latest deep audit = 1 critical, 2 warn, 1 info. Key issue: extension plugin `acpx.bak` flagged for dangerous exec pattern.
[2026-03-05T21:41:39Z] ACTION quarantine: moved `~/.openclaw/extensions/acpx.bak` -> `~/.openclaw/extensions-quarantine/acpx.bak.20260305T214139Z` (non-destructive).
[2026-03-05T21:42:00Z] RESOLVED security-audit-findings: `openclaw security audit --deep` now reports 0 critical, 0 warn, 1 info.
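Review bot: The ACTION entry moves the flagged code to `~/.openclaw/extensions-quarantine/` and labels the move non-destructive, but nothing in this log records a follow-up for the quarantined copy, which still contains the code flagged for the dangerous exec pattern. Add an entry stating whether that directory is excluded from extension loading, and an owner or date for reviewing or deleting `acpx.bak.20260305T214139Z`.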