2026-02-10 Session Notes

Security Hardening (completed)

All changes applied to clawdbot-test server:

  • Telegram allowlist: Only Adam (530660070) can DM, dmPolicy=“allowlist”
  • UFW firewall: Enabled, allows SSH + Tailscale only
  • Fail2ban: Installed and active for SSH brute-force protection
  • Agent visualizer: Bound to localhost only (was 0.0.0.0:8090)
  • Docker sandbox: openclaw-sandbox:bookworm-slim, mode=“non-main” (sub-agents isolated, main session on host)
  • Cron job: Weekly security updates check (job ID: 971acf05-1363-4003-a5c7-a91f58be7bc8, Mondays 09:00 UTC)
  • Kernel update available: 6.8.0-94 — reboot recommended when convenient
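
A check for the visualizer rebind and the SSH + Tailscale policy above, added here as an example and not part of the original notes: it parses `ss -H -tln` output and reports any TCP listener bound beyond loopback or Tailscale on a port other than SSH. The Tailscale address ranges, the function names and the sample output are assumptions made for the example.

```python
import ipaddress

# Assumption: Tailscale node addresses come from these ranges.
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]
PUBLIC_OK_PORTS = {22}  # SSH is the only service the notes expose beyond Tailscale

# Constructed samples of `ss -H -tln` output, before and after the rebind.
SAMPLE_BEFORE = """\
LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
LISTEN 0 511  0.0.0.0:8090       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0 128  [::]:22            [::]:*
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("0.0.0.0:8090", "127.0.0.1:8090")

def parse_listeners(ss_output):
    """Yield (host, port) for each LISTEN row of `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface suffix (e.g. 127.0.0.53%lo).
        yield host.strip("[]").split("%")[0], int(port)

def is_private_bind(host):
    """True if the bind address is loopback or inside a Tailscale range."""
    if host == "*":  # ss prints * for a dual-stack wildcard socket
        return False
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return False
    return addr.is_loopback or any(addr in net for net in TAILSCALE_NETS)

def exposed_listeners(ss_output, public_ok_ports=PUBLIC_OK_PORTS):
    """Return (host, port) pairs bound publicly on a port that is not allowed."""
    return [(host, port) for host, port in parse_listeners(ss_output)
            if not is_private_bind(host) and port not in public_ok_ports]

if __name__ == "__main__":
    print("before:", exposed_listeners(SAMPLE_BEFORE))
    print("after: ", exposed_listeners(SAMPLE_AFTER))
```

This checks bind addresses only; the UFW rules are a separate layer and still need their own review with `ufw status verbose`.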

Skills Installed

All in /root/clawd/skills/:

  • recursive-self-improvement v1.0.0
  • browser-automation v1.0.1
  • playwright-scraper-skill v1.2.0
  • stagehand-browser-cli v1.0.0
  • frontend-design-ultimate v1.0.0
  • focus-deep-work v1.0.0

Removed: proactive-agent (per Adam’s request, commit 2c860d7)

OpenAI skill patterns applied (commit f8903ac): All 6 skills now have USE WHEN / DON’T USE WHEN routing logic in their SKILL.md descriptions. This follows OpenAI’s research showing negative examples + edge cases recovered 20% accuracy at Glean.

Playwright + Chromium also installed for browser automation.

Frontend Design Updates (frontend-design-ultimate skill)

Stroller App (truestrollercost.com) ✅

CSS updates applied:

  • Fonts: Space Grotesk (headings) + Plus Jakarta Sans (body)
  • Color variables updated with richer palette
  • Grain texture overlay
  • Shadows enhanced
  • fadeInUp animations with staggered delays
  • Gradient header
  • Enhanced chip hover effects

CalWizz Landing (calwizz.com) 🚧 IN PROGRESS

CSS updates started (lines 266, 280, 795, 799):

  • Fonts: Cabinet Grotesk + Plus Jakarta Sans (Fontshare)
  • Grain texture overlay added
  • fadeInUp keyframes defined
  • Next: Hero section styling, buttons, cards, remaining sections

Stroller Images Fixed

Used playwright-scraper-skill to bypass Cloudflare and fix remaining wrong images:

  • Graco NimbleLite (from GoodBuy Gear)
  • Metro+ Deluxe, Joolz Aer+/Aer2/Hub+, Mockingbird (studio shot), Babyzen YOYO2, City Select 2, Nuna Demi Next
  • All pushed in commit 8c0ed70

QMD Security Audit

Audited ehc-io/qmd repo at /tmp/qmd-audit/:

  • Result: CLEAN - no prompt injection, no credential exfiltration
  • 1236 lines TypeScript, only calls OpenRouter API for embeddings
  • Uses local SQLite + sqlite-vec for vector storage
  • Safe to install with OpenRouter API key
  • Docker build in progress: Session “oceanic-zephyr” (pid 1193787)

Pending

  • Complete QMD Docker build and configure with OpenRouter API key
  • Complete CalWizz hero section and remaining CSS
  • Integrate stroller photos into UI (images deployed, need HTML changes)
  • Amazon Associates application
  • Server reboot for kernel update