β BackDaily Notes β 2026-03-10
Scrapling Integration
- Installed Scrapling 0.4.2 via pip (system python3.12 at /usr/bin/python3.12)
- CLI at /home/sean/.local/bin/scrapling
- playwright + patchright chromium browsers installed (no root needed for binaries)
- Fetch script updated: /home/sean/ada-lab/skills/ddg-search/scripts/fetch now uses scrapling get β stealthy-fetch β curl fallback
- NIST .gov confirmed 200 OK, Reddit confirmed 200 OK
- Scrapling skill installed from verified zip to ~/.openclaw/workspace-ada/skills/scrapling-official/
CMMC Research v3
- Ran fresh v3 run with Scrapling β 5/5 workers, 73 sources, 112 findings, 1162-line report
- Report: /home/sean/ada-lab/research/cmmc-templates/report-v3.md
- Best no-registration direct downloads: RADICL (20+ templates), Peak InfoSec C3PAO (8 files), NIST official SSP/POA&M, SERDP/ESTCP (~15 files), DoD CIO assessment guides
- CMMC Phase 1 live Nov 10 2025. L2: 88/110 min score, 180-day POA&M, SSP mandatory under DFARS 252.204-7012
Z.AI Provider Setup
- Direct Z.AI provider configured (GLM Coding Plan)
- Endpoint: https://api.z.ai/api/coding/paas/v4 (coding plan endpoint, NOT general)
- API key: ZAI_API_KEY in .env (was Z_AI_API_KEY β both present)
- Models: glm-5, glm-4
- Confirmed 200 OK with actual inference response
- Removed zai/glm-4.7 fallback (didn't exist), updated to: zai/glm-4 β haiku β flash
- GLM-5 via NVIDIA NIM (z-ai/glm5) was timing out β direct Z.AI is the correct route
- Subagent primary remains zai/glm-5 (resolves to direct zai provider now)
Provider Health Check (2026-03-09)
- β
deepseek, nvidia/dsv3, sambanova, together, zai (direct)
- β οΈ nvidia/kimi-k2.5 β timeout (15s)
- β οΈ nvidia/glm5 β timeout (redundant now, direct zai works)
- codestral, xai, google β scanner errors (balance/key issues)
- together β parse error (API format change)
Reddit Cron Fix
- All 7 Reddit crons updated to use old.reddit.com/.json endpoint via fetch script
- Prompts now parse JSON response from Reddit API directly
- Gateway restarted, changes live β tomorrow's runs should work
- Previously broken: r/OpenClaw, r/MachineLearning, r/homelab, r/realestate, r/CrewAI
- Working before fix: r/LocalLLaMA, r/ClaudeAI (sometimes)
Self-Improving-Agent Skill
- Backed up to /mnt/homelab/backups/openclaw-skills/self-improving-agent-20260308.zip
- Removed from workspace (not in ClawHub registry)
Research Browser
- Running on openclaw LXC at http://10.10.50.17:7842 (systemd user service)
- Browses: Research Reports, GitHub Stars, Daily Memory, Workspace Memory
- Traefik rule written: /mnt/homelab/docker/stacks/traefik/rules/ada-research.yml
- DNS: research.thefordestate.com β 10.10.50.254 (A record via Technitium port 5380)
- Traefik has watch:false β needs manual restart to pick up rule (pending)
- Service file: ~/.config/systemd/user/ada-research-browser.service
GitHub Stars Categorization
- 699 starred repos fetched and categorized into 17 categories
- Files: /home/sean/ada-lab/github-stars/all-categorized.json + README.md
- Top categories: AI Agents (152), OpenClaw/AgentSkills (123), AI/LLM (84), Homelab (65)
- Real Estate thin at 3 β gap for Cora's toolbox
Mission Control Research
- 51 mission control apps identified from stars
- Deep code review: source files, package.json, Docker configs, API patterns
- Full feature matrix: /home/sean/ada-lab/github-stars/mission-control-matrix.md
- Browsable at http://10.10.50.17:7842
Top picks for Sean's setup:
- builderz-labs/mission-control β most complete, remote-deployable, 28 panels, Next.js
- ClawX (3311β) β best desktop, full IPC: cron/providers/usage/skills/gateway
- clawpal β underrated Tauri, 9 pages, multi-instance SSH, remote-capable
- ClawControl β only cross-platform (desktop + iOS + Android + web), wake word voice
- clawbridge β only dedicated mobile dashboard, auto-detects Tailscale
Notable code review findings:
- ClawControl (213β, was "unknown") = Electron+Capacitor, full cross-platform, wake word, ClawHub skills
- clawpal much richer than described: Orchestrator, Chat, Channels, Cron, multi-instance
- manish-raana/mission-control uses Convex backend (NOT OpenClaw gateway)
- openclaw-nerve: voice TTS/STT + kanban + SpawnAgentDialog + CodeMirror 6
- tenacitOS: Three.js + React Three Fiber + Rapier 3D physics UI (unique)
- tugcantopaloglu/openclaw-dashboard: only one with TOTP MFA, zero npm deps
Mission Control Plan
- Comprehensive implementation plan spawned as subagent (816bd342)
- Output: /home/sean/ada-lab/research/mission-control-plan/PLAN.md
- Covers: pre-implementation checklist, feature hierarchy, user flows (Mermaid), system architecture, screen inventory, tech stack recommendations, implementation phases, open decisions
- Status: in progress at time of compaction
Traefik Config Note
- watch: false in /mnt/homelab/docker/stacks/traefik/config/traefik.yml
- Recommend changing to watch: true β requires one restart, then self-healing going forward
- File provider rules dir: /mnt/homelab/docker/stacks/traefik/rules/
- Existing pattern confirmed from openclaw.yml (host rule + service loadBalancer)
Overnight Research Highlights (2026-03-09)
- ClawHavoc scope: 824+ malicious skills, 1184 packages. Vidar targets SOUL.md + MEMORY.md specifically
- CVE-2026-25253 RCE via WebSocket β we're on v2026.3.7, safe
- SOUL.md + MEMORY.md integrity check performed β both clean, last modified dates correct
- OWASP Agentic Top 10: ASI01 goal hijack via email/docs is live exposure for Ada
- A-RAG paper (arXiv:2602.03442): hierarchical retrieval with keyword/semantic/chunk tools
- openclaw-security-monitor (adibirzu): 48-point scan, daily cron + Telegram alerts β recommend K2 deploy
- r/ClaudeAI: $100 free Anthropic API credits (time-limited), Claude Code scheduled tasks shipped
OpenClaw Update
- Updated to v2026.3.8 during session
- Service file fix reapplied (entry.jsβindex.js, removed --port) β happens every update
- Gateway confirmed healthy post-update