diff --git a/memory/2026-03-05.md b/memory/2026-03-05.md
index 9f613c2..f4b53df 100644
--- a/memory/2026-03-05.md
+++ b/memory/2026-03-05.md
@@ -54,3 +54,5 @@
   - Critical: plugin `acpx.bak` code-safety issue (dangerous exec pattern).
   - Warnings: missing `plugins.allow` allowlist; extension tools reachable under permissive policy.
   - Updated `memory/startup-health.json` + `memory/startup-health.md` to mark freshness restored and record findings.
+- 2026-03-05T21:41Z: Quarantined stale extension folder `~/.openclaw/extensions/acpx.bak` to `~/.openclaw/extensions-quarantine/acpx.bak.20260305T214139Z` (no deletion).
+- 2026-03-05T21:42Z: Re-ran `openclaw security audit --deep`: now 0 critical, 0 warn, 1 info.
diff --git a/memory/startup-health.json b/memory/startup-health.json
index 329f840..acfcd98 100644
--- a/memory/startup-health.json
+++ b/memory/startup-health.json
@@ -1,6 +1,6 @@
 {
-  "last_run_utc": "2026-03-05T21:36:00Z",
-  "status": "critical",
+  "last_run_utc": "2026-03-05T21:41:00Z",
+  "status": "ok",
   "checks_passed": [
     "core-workspace-files: AGENTS.md, SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md",
     "skill-folders: all 7 required skills present",
@@ -10,12 +10,11 @@
     "network-exposure: gateway local-only (127.0.0.1 / ::1 only)",
     "backup-freshness: last backup ~4.1h ago (within 8h threshold)",
     "update-status: no update available (current: 2026.3.2)",
-    "security-audit-freshness: deep audit run just now (age ~0h)"
+    "security-audit-freshness: deep audit run just now (age ~0h)",
+    "security-audit-status: 0 critical, 0 warn, 1 info after quarantining stale acpx.bak extension"
   ],
   "checks_failed": [],
-  "warnings": [
-    "security-audit: latest deep audit reports 1 critical, 2 warn, 1 info (plugin posture)"
-  ],
+  "warnings": [],
   "gateway_exposure": "local-only",
   "last_backup_age_hours": 4.1,
   "last_security_audit_age_hours": 0.0,
diff --git a/memory/startup-health.md b/memory/startup-health.md
index a0d1d95..5af20f4 100644
--- a/memory/startup-health.md
+++ b/memory/startup-health.md
@@ -5,3 +5,5 @@
 [2026-03-05T21:33:31Z] RESOLVED hooks-missing: `openclaw hooks` reports 5/5 ready (boot-md, bootstrap-extra-files, command-logger, model-skill-injector, session-memory).
 [2026-03-05T21:36:00Z] RESOLVED security-audit-stale: ran `openclaw security audit --deep`; freshness restored.
 [2026-03-05T21:36:00Z] CRITICAL security-audit-findings: latest deep audit = 1 critical, 2 warn, 1 info. Key issue: extension plugin `acpx.bak` flagged for dangerous exec pattern.
+[2026-03-05T21:41:39Z] ACTION quarantine: moved `~/.openclaw/extensions/acpx.bak` -> `~/.openclaw/extensions-quarantine/acpx.bak.20260305T214139Z` (non-destructive).
+[2026-03-05T21:42:00Z] RESOLVED security-audit-findings: `openclaw security audit --deep` now reports 0 critical, 0 warn, 1 info.