Security Audit

Defense in depth — zero-dependency supply chain, container namespace isolation, seccomp syscall filters, secret redaction, tool permissions, and TLS encryption. All verified through automated codebase audits.

20 Security Features
16 Audit Reports
MEDIUM Latest Risk Rating
274 Latest Findings

Security Model

Scorpiox Code uses a defense-in-depth approach. Every layer assumes the layer above has been compromised. Zero external dependencies eliminates the supply chain attack surface entirely.

🛡️

Zero-Dependency Supply Chain

All crypto (mbedTLS), JSON (yyjson), and protocol code vendored in-tree. No npm, no pip, no cargo — no supply chain attack surface.

📦

Static Binaries

SX_STATIC_LINK=ON produces fully static musl-linked executables. No shared library hijacking. Single binary deployment.

🔒

Container Isolation

Linux user namespaces (CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNET) for rootless container isolation.

🔍

Automated Auditing

AI-powered codebase security audits run against every commit. Results published as versioned reports with severity classifications.

Security Features

20 security features across 6 categories, all implemented in pure C with zero external runtime dependencies.

🛡️ Isolation

🛡️ isolation

Container Namespace Isolation

Rootless containers via clone() with CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNET. pivot_root into overlayfs rootfs.

scorpiox-unshare.c
🛡️ isolation

Seccomp Syscall Filter

BPF seccomp filter blocks personality() and keyctl() syscalls. PR_SET_NO_NEW_PRIVS enforced before filter installation.

scorpiox-unshare.c
🛡️ isolation

Capability Hardening

Drops CAP_IPC_LOCK from bounding set inside containers to prevent mlock()-based memory pinning attacks.

scorpiox-unshare.c
🛡️ isolation

Network Namespace Isolation

Isolated network namespace via CLONE_NEWNET. Network access through slirp4netns tap0 interface. DNS at 10.0.2.3.

scorpiox-unshare.c

🔏 Encryption

🔏 encryption

TLS Certificate Verification

mbedTLS with certificate verification. SX_TLS_VERIFY=true enforces full chain validation. Vendored in-tree — no OpenSSL dependency.

sx_tls.h
🔏 encryption

Mail TLS (STARTTLS/IMAPS)

SMTP STARTTLS and IMAPS TLS tunneling via mbedTLS. Certificate pinning support for mail servers.

sxmail_tls.c

🔐 Authentication

🔐 authentication

TOTP/HOTP Two-Factor Auth

Pure-C RFC 4226 (HOTP) + RFC 6238 (TOTP). Built-in SHA-1, HMAC-SHA1, Base32 decoding. Zero external dependencies.

scorpiox-otp.c
🔐 authentication

OAuth Token Management

Multi-source OAuth: local file, SSH remote, HTTP endpoint, TCP fetch. Supports Claude, Codex, and Gemini providers.

scorpiox-claudecode-fetchtoken.c

🗝️ Secrets

🗝️ secrets

Sensitive Key Redaction

sx_config_is_sensitive() auto-detects KEY, PASS, SECRET, TOKEN, CREDENTIAL in key names. Values masked as '****' in all output.

sx_config.c
🗝️ secrets

Git Vault Backup

Offline git repo backup (bundle/tar/zip). fork()+execvp() execution — no shell injection possible.

scorpiox-vault-git.c
🗝️ secrets

PAT Credential Masking

Personal Access Tokens in git URLs masked in all log output. Only first 3 characters shown for identification.

scorpiox-unshare.c

🚦 Permissions

🚦 permissions

Tool Permission System

TOOL_BASH, TOOL_READIMAGE, TOOL_WEBSEARCH etc. individually enable/disable each agent tool. WASM auto-disables fork-dependent tools.

sx_tools.c
🚦 permissions

MCP Allow/Deny Permissions

MCP_ALLOW / MCP_DENY glob patterns control external tool access per MCP server. Deny-first evaluation.

scorpiox-mcp.c
🚦 permissions

MCP Command Injection Prevention

MCP commands validated against forbidden metacharacter set. execvp() used without shell to prevent injection.

scorpiox-mcp.c
🚦 permissions

UTF-8 Input Sanitization

All JSON string inputs validated and sanitized for proper UTF-8 encoding. Prevents malformed input attacks.

sx_json_yy.c
🚦 permissions

Safe Command Execution

fork()+execvp() preferred over system(). No shell interpretation. BASH_DEFAULT_TIMEOUT enforces execution time limits.

sx_exec.c

📋 Audit

📋 audit

DNS Audit Logging

DNS_AUDIT_LOG=true logs all DNS queries. DNS_AUDIT_LOG_DIR configures output directory. Full query/response tracing.

scorpiox-dns.c
📋 audit

Session Tracing

Every session gets a trace file recording all tool invocations, API calls, and events with timestamps.

sx_trace.c
📋 audit

Config Snapshot at Session Start

Active configuration snapshot saved to session directory on startup. Sensitive values auto-redacted.

sx_session.c
📋 audit

Process & Resource Leak Monitor

Tracks child processes and detects resource leaks. Ensures clean shutdown with no orphaned processes.

sx_procmon.c

Secret Management

API keys, tokens, and credentials are never written to logs or debug output in cleartext. Multiple layers protect sensitive data throughout the system.

Redaction Rules

sx_config_is_sensitive() detects any key containing KEY, PASS, SECRET, TOKEN, or CREDENTIAL (case-insensitive). All matching values are automatically masked as **** in log output, config snapshots, and debug traces.

Data Never Written to Logs

# These values are always redacted in output: • API keys → masked as *** • x-api-key headers → ***MASKED*** • OAuth tokens → never logged • SSH passwords → never logged • PAT tokens → first 3 chars only • Refresh tokens → never logged

Configuration Cascade

API keys are set via scorpiox-env.txt with a four-tier cascade. Higher tiers override lower:

# Tier 1: Built-in defaults (compiled into binary) # Tier 2: exe_dir/scorpiox-env.txt (global) # Tier 3: ~/.claude/scorpiox-env.txt (user) # Tier 4: CWD/.scorpiox/scorpiox-env.txt (project) # Example: project-level API key override ANTHROPIC_API_KEY=sk-ant-... OPENAI_API_KEY=sk-... GEMINI_API_KEY=AI...

Permissions & Access Control

Fine-grained control over which tools the AI agent can invoke and which MCP servers can execute commands.

Tool Permissions

Each tool is individually controlled via environment variables in scorpiox-env.txt:

KeyDescription
TOOL_BASHEnable/disable shell command execution
TOOL_READIMAGEEnable/disable image file reading
TOOL_WEBSEARCHEnable/disable web search
TOOL_CREATEFILEEnable/disable file creation
TOOL_BACKGROUNDBASHEnable/disable background processes
TOOL_TASKMANAGEREnable/disable task management
TOOL_INVOKESKILLEnable/disable skill invocation
TOOL_READDOCSEnable/disable documentation fetching
TOOL_ASKUSERQUESTIONEnable/disable interactive prompts
TOOL_EMITEVENTEnable/disable event emission

MCP Access Control

# Allow specific tools from an MCP server MCP_ALLOW=read_file,write_file,list_dir # Deny dangerous operations (deny-first evaluation) MCP_DENY=exec_*,shell_*,sudo_* # MCP server configuration MCP_SERVER=stdio:///usr/local/bin/my-mcp-server MCP_CONFIG=/path/to/mcp-config.json

Security Configuration

Security-related configuration keys in scorpiox-env.txt:

KeyDescription
SX_TLS_VERIFYEnable TLS certificate chain validation (default: true)
DNS_AUDIT_LOGEnable DNS query audit logging
DNS_AUDIT_LOG_DIRDirectory for DNS audit log files
BASH_DEFAULT_TIMEOUTMaximum execution time for bash commands (seconds)
IMAGE_BASE_URLBase URL for container rootfs images
CLAUDE_CODE_TOKEN_SOURCEOAuth token source: file, ssh, http, tcp
FETCHTOKEN_API_KEY_REQUIREDRequire API key for token server requests
FETCHTOKEN_LISTEN_PORTToken server listen port

Container Security Options

# Container isolation settings IMAGE_BASE_URL=https://images.scorpiox.net # Seccomp: blocks personality() and keyctl() syscalls # Capabilities: drops CAP_IPC_LOCK from bounding set # Network: CLONE_NEWNET with slirp4netns tap0 # DNS: resolved through slirp at 10.0.2.3 # TLS verification for all HTTPS connections SX_TLS_VERIFY=true # DNS audit logging DNS_AUDIT_LOG=true DNS_AUDIT_LOG_DIR=/var/log/scorpiox/dns

Audit Reports

Automated security audits run against the scorpiox-code C codebase. Each audit produces severity-classified findings across architecture, networking, data handling, vulnerabilities, and permissions.

2026-04-28 LATEST 28b0b1b7 402,541 lines (151,596 project)
MEDIUM RISK
274 findings
7 critical 20 high 89 medium 55 low
Individual Reports (0)
2026-04-28 Audit #15 2b6f3d37 399,383 lines (171,633 project)
HIGH RISK
240 findings
17 critical 28 high 68 medium 53 low
Individual Reports (0)
2026-04-28 Audit #14 40e8525b 380,496 lines (151,970 project)
MEDIUM RISK
212 findings
9 critical 20 high 33 medium 29 low
Individual Reports (0)
2026-04-28 Audit #13 4d61a6ad 398,610 lines (170,860 project)
HIGH RISK
395 findings
10 critical 25 high 70 medium 123 low
Individual Reports (0)
2026-04-28 Audit #12 9bfa5b46 378,558 lines (151,487 project)
HIGH RISK
549 findings
13 critical 33 high 120 medium 28 low
Individual Reports (0)
2026-04-28 Audit #11 b56a3072 369,411 lines (0 project)
MEDIUM-HIGH RISK
53 findings
5 critical 15 high 22 medium 9 low
Individual Reports (5)
2026-04-29 Audit #10 b7940008 374,613 lines (138,485 project)
MEDIUM RISK
272 findings
3 critical 20 high 45 medium 106 low
Individual Reports (0)
2026-04-28 Audit #9 b85fca98 369,205 lines (143,309 project)
MEDIUM RISK
48 findings
11 critical 14 high 17 medium 6 low

✅ Positive Findings

  • Zero external package manager dependencies
  • All third-party code vendored in-tree
  • Static linking on Linux (musl)
  • 99.4% single-org commit provenance
  • 99.1% of format calls use snprintf (bounded)
  • No format string vulnerabilities
Individual Reports (5)
2026-04-28 Audit #8 f7f14b49 369,495 lines (0 project)
MEDIUM RISK
40 findings
5 critical 12 high 14 medium 6 low
Individual Reports (5)
2026-04-29 Audit #7 3ad7dfcf 381,273 lines (152,747 project)
MEDIUM RISK
286 findings
2 critical 18 high 100 medium 60 low
Individual Reports (0)
2026-04-29 Audit #6 5af0d648 404,459 lines (174,441 project)
LOW-MEDIUM RISK
175 findings
0 critical 12 high 39 medium 45 low
Individual Reports (0)
2026-04-29 Audit #5 ca3fe9b3 403,876 lines (173,858 project)
LOW-MEDIUM RISK
207 findings
0 critical 7 high 28 medium 37 low
Individual Reports (0)
2026-04-30 Audit #4 60a9c053 405,182 lines (147,742 project)
LOW-MEDIUM RISK
209 findings
2 critical 8 high 37 medium 53 low
Individual Reports (0)
2026-04-30 Audit #3 6851bc06 405,182 lines (147,742 project)
LOW-MEDIUM RISK
225 findings
2 critical 6 high 38 medium 55 low
Individual Reports (0)
2026-04-30 Audit #2 fe4a27dc 376,275 lines (148,135 project)
LOW RISK
155 findings
0 critical 0 high 14 medium 44 low
Individual Reports (0)
2026-05-07 Audit #1 c9d5a5e4 408,011 lines (159,094 project)
LOW RISK
124 findings
0 critical 2 high 13 medium 32 low
Individual Reports (0)