diff --git a/Netgrimoire/Audits/wallo-2026-05-04.md b/Netgrimoire/Audits/wallo-2026-05-04.md
new file mode 100644
index 0000000..8f5a05b
--- /dev/null
+++ b/Netgrimoire/Audits/wallo-2026-05-04.md
@@ -0,0 +1,51 @@
+---
+title: Audit - wallo.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:43:48.797Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:43:48.797Z
+---
+
+# Audit Report — wallo.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/wallo.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+### Audit Results:
+
+1. **Homepage labels:**
+   - `homepage.group`: "PNCHarris Apps" (PASS)
+   - `homepage.name`: "Wallos" (PASS)
+   - `homepage.icon`: "wallos.png" (PASS)
+   - `homepage.href`: "https://expense.netgrimoire.com" (PASS)
+   - `homepage.description`: "Subscription Manager" (PASS)
+
+2. **Uptime Kuma labels:**
+   - There are no Kuma-related labels in the deploy section. (FAIL)  
+     **Fix:** Add Kuma-specific labels under the `deploy.labels` block.
+
+3. **Caddy labels on exposed services:**
+   - `caddy=expense.netgrimoire.com` (PASS)
+   - `caddy.reverse_proxy=wallos:80` (PASS)
+
+4. **Placement constraints:**
+   - There are no placement constraints specified in the deploy section. (FAIL)  
+     **Fix:** Add a placement constraint to specify the node hostname.
+
+5. **Volumes use `/DockerVol/<service>` path convention:**
+   - Volume paths:
+     - `/data/nfs/Baxter/Docker/wallos/db:/var/www/html/db` (FAIL)
+     - `/data/nfs/Baxter/Docker/wallos/logos:/var/www/html/images/uploads/logos` (FAIL)  
+       **Fix:** Rename these volumes to conform to the `/DockerVol/<service>` path convention, e.g., `/DockerVol/wallos/db` and `/DockerVol/wallos/logos`.
+
+6. **Network references external `netgrimoire` overlay:**
+   - Network reference:
+     - `external: true` (PASS)
+
+### VERDICT: FAIL
\ No newline at end of file