From b76815b4da426e296c0fadd9926fe178d7178d0b Mon Sep 17 00:00:00 2001
From: zap <zap@local>
Date: Thu, 5 Mar 2026 21:37:25 +0000
Subject: [PATCH] chore(security): refresh deep-audit status and clear stale
 warning

---
 memory/2026-03-05.md       |  5 +++++
 memory/startup-health.json | 11 ++++++-----
 memory/startup-health.md   |  2 ++
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/memory/2026-03-05.md b/memory/2026-03-05.md
index 89b59f6..9f613c2 100644
--- a/memory/2026-03-05.md
+++ b/memory/2026-03-05.md
@@ -49,3 +49,8 @@
 - Will wants to keep zap's "light" council skill AND have Flynn's deterministic pipeline available for delegation.
 - Work to happen on feature branch `fix/council-pipeline`.
 - Estimated effort: 1-2 focused sessions.
+- 2026-03-05T21:36Z: Ran `openclaw security audit --deep` on request to clear stale-audit warning.
+  - Result: 1 critical, 2 warn, 1 info.
+  - Critical: plugin `acpx.bak` code-safety issue (dangerous exec pattern).
+  - Warnings: missing `plugins.allow` allowlist; extension tools reachable under permissive policy.
+  - Updated `memory/startup-health.json` + `memory/startup-health.md` to mark freshness restored and record findings.
diff --git a/memory/startup-health.json b/memory/startup-health.json
index 05a67bd..329f840 100644
--- a/memory/startup-health.json
+++ b/memory/startup-health.json
@@ -1,6 +1,6 @@
 {
-  "last_run_utc": "2026-03-05T04:28:00Z",
-  "status": "warn",
+  "last_run_utc": "2026-03-05T21:36:00Z",
+  "status": "critical",
   "checks_passed": [
     "core-workspace-files: AGENTS.md, SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md",
     "skill-folders: all 7 required skills present",
@@ -9,14 +9,15 @@
     "permissions: ~/.openclaw is 700; all credentials are 600",
     "network-exposure: gateway local-only (127.0.0.1 / ::1 only)",
     "backup-freshness: last backup ~4.1h ago (within 8h threshold)",
-    "update-status: no update available (current: 2026.3.2)"
+    "update-status: no update available (current: 2026.3.2)",
+    "security-audit-freshness: deep audit run just now (age ~0h)"
   ],
   "checks_failed": [],
   "warnings": [
-    "security-audit: no recent openclaw security audit --deep result found (stale/missing)"
+    "security-audit: latest deep audit reports 1 critical, 2 warn, 1 info (plugin posture)"
   ],
   "gateway_exposure": "local-only",
   "last_backup_age_hours": 4.1,
-  "last_security_audit_age_hours": null,
+  "last_security_audit_age_hours": 0.0,
   "update_status": "up-to-date (2026.3.2 stable)"
 }
diff --git a/memory/startup-health.md b/memory/startup-health.md
index 3b3bfb0..a0d1d95 100644
--- a/memory/startup-health.md
+++ b/memory/startup-health.md
@@ -3,3 +3,5 @@
 [2026-03-05T04:28:00Z] WARN hooks-missing: 0 hooks installed (expected: session-memory, command-logger, bootstrap-extra-files, boot-md). Fix: run `openclaw hooks install <pack>` for each required hook.
 [2026-03-05T04:28:00Z] WARN security-audit-stale: no recent `openclaw security audit --deep` result found. Fix: run `openclaw security audit --deep` and save output to memory/.
 [2026-03-05T21:33:31Z] RESOLVED hooks-missing: `openclaw hooks` reports 5/5 ready (boot-md, bootstrap-extra-files, command-logger, model-skill-injector, session-memory).
+[2026-03-05T21:36:00Z] RESOLVED security-audit-stale: ran `openclaw security audit --deep`; freshness restored.
+[2026-03-05T21:36:00Z] CRITICAL security-audit-findings: latest deep audit = 1 critical, 2 warn, 1 info. Key issue: extension plugin `acpx.bak` flagged for dangerous exec pattern.