# Network Communications Audit Report

**Codebase**: scorpiox/clang  
**Audit Date**: 2026-04-28  
**Auditor**: Security Audit Agent  
**Scope**: All network communications, endpoints, protocols, and telemetry in 224 non-vendor C/H source files (~143,309 LOC)

---

## 1. Executive Summary

The scorpiox codebase is a **heavily networked application** with extensive outbound HTTP/HTTPS communications to multiple AI provider APIs, internal infrastructure services, and external search engines. It also includes **inbound server components** (SMTP, IMAP, HTTP, WebSocket, TCP) and **infrastructure networking** (FRP reverse proxy, container networking via slirp4netns, Unix domain sockets for IPC).

### Key Findings

| Category | Severity | Finding |
|----------|----------|---------|
| **TLS Certificate Validation** | 🔴 CRITICAL | SSL/TLS certificate verification is disabled in **8 locations** across the codebase |
| **Hardcoded Credentials** | 🔴 CRITICAL | API keys, SSH passwords, and proxy tokens are embedded in source code |
| **Plaintext Token Transport** | 🟠 HIGH | OAuth tokens fetched via raw TCP (no TLS) on port 9800 |
| **Telemetry** | 🟡 MEDIUM | Usage tracking and session telemetry endpoints exist (disabled by default in native, configurable) |
| **Broad Network Surface** | 🟡 MEDIUM | Binary can communicate with 20+ distinct external endpoints |
| **No Certificate Pinning** | 🟡 MEDIUM | No certificate pinning on any API connections |

---

## 2. Network Activity Summary

### 2.1 Outbound Communications (Client-Initiated)

The application makes outbound network connections for the following purposes:

1. **AI Provider API Calls** — Primary function; sends user prompts/tool results, receives AI completions
2. **Token Fetching** — OAuth token retrieval via HTTP, SSH, or raw TCP
3. **Usage Telemetry** — Posts token usage statistics and session events to scorpiox.net
4. **Web Search** — Queries search engines (Mojeek, Brave, DuckDuckGo, Google, Bing, Yahoo, Yandex, Startpage, Ecosia, Qwant, Searx)
5. **Voice Transcription** — Sends audio to Whisper API endpoint
6. **Distribution Downloads** — Fetches container images, executables, firmware, self-updates
7. **URL Fetching** — General-purpose HTTP fetcher for ReadDocs tool
8. **FRP Reverse Proxy** — Connects to FRP server for reverse tunneling
9. **Email Relay** — Outbound SMTP relay via smarthost
10. **MX Delivery** — Direct SMTP delivery to remote mail servers
11. **Git Operations** — Clone/push via HTTPS with embedded PAT tokens

### 2.2 Inbound Communications (Server Components)

The codebase includes several server components that listen for inbound connections:

| Component | Port(s) | Protocol | Purpose |
|-----------|---------|----------|---------|
| `scorpiox-server` | 8080 (configurable) | HTTP | Script execution server with JWT auth |
| `scorpiox-server-email` | 25, 587, 993 | SMTP/IMAP | Full email server |
| `scorpiox-server-fetchtoken` | 9800 | Raw TCP | Token distribution proxy |
| `scorpiox-server-http2tcp` | 9801 | HTTP-over-TCP | HTTP relay server |
| `ws2tcp` bridge | 6080 | WebSocket | WebSocket-to-TCP proxy (VNC) |
| `sxmux` sessions | Unix socket | Unix domain | Terminal multiplexer IPC |

### 2.3 Internal Communications (IPC)

| Mechanism | Location | Purpose |
|-----------|----------|---------|
| Unix domain sockets | `sxmux_session.c` | Terminal multiplexer client-server |
| Named pipes (Windows) | `sxmux_session.c` | Windows equivalent of Unix sockets |
| Raw TCP socket | `sx_http_relay.c` | HTTP relay when curl unavailable |
| Slirp4netns API socket | `scorpiox-unshare.c` | Container port forwarding |

---

## 3. Endpoint Inventory

### 3.1 AI Provider Endpoints

| Endpoint | Protocol | Source File | Purpose | Auth Method |
|----------|----------|-------------|---------|-------------|
| `https://api.anthropic.com/v1/messages` | HTTPS | `sx_provider_anthropic.c`, `sx_provider_claude_code.c` | Anthropic Messages API | API key / OAuth Bearer |
| `https://api.anthropic.com/v1/messages?beta=true` | HTTPS | `sx_provider_claude_code.c`, `sx_provider_claude_code_wasm.c` | Claude Code API (beta) | OAuth Bearer |
| `https://api.anthropic.com/v1/models` | HTTPS | `scorpiox-claudecode-models.c` | Model listing | OAuth Bearer |
| `https://api.z.ai/api/anthropic` | HTTPS | `sx_provider_anthropic.c` | Z.AI proxy | API key |
| `https://api.z.ai/api/anthropic/v1/messages` | HTTPS | `sx_config_embedded.c` | Z.AI proxy (embedded) | API key |
| `http://192.168.1.12:8045/v1/messages` | HTTP ⚠️ | `sx_config_embedded.c` | Antigravity proxy (LAN) | API key |
| `https://api.openai.com/v1/chat/completions` | HTTPS | `sx_provider_openai_wasm.c` | OpenAI API | API key |
| `https://chatgpt.com/backend-api/codex/responses` | HTTPS | `sx_provider_codex.c` | OpenAI Codex API | OAuth |
| `https://generativelanguage.googleapis.com/v1beta` | HTTPS | `sx_provider_gemini_wasm.c` | Google Gemini API | API key |
| `https://opus.scorpiox.net` | HTTPS | `sx_config_embedded.c` | OpenAI-compatible proxy | API key |
| `https://qwen3-coder-next.scorpiox.net` | HTTPS | `scorpiox-openai.c` | Qwen3 proxy | API key |

### 3.2 ScorpioX Infrastructure Endpoints

| Endpoint | Protocol | Source File | Purpose |
|----------|----------|-------------|---------|
| `http://scorpiox.net:5176` | HTTP ⚠️ | `sx_config_embedded.c` | Router URL |
| `http://token.scorpiox.net/claude` | HTTP ⚠️ | `sx_config.c`, `sx_config_embedded.c` | Claude Code token fetch |
| `http://token.scorpiox.net/codex` | HTTP ⚠️ | `sx_config.c`, `sx_config_embedded.c` | Codex token fetch |
| `http://token.scorpiox.net/gemini` | HTTP ⚠️ | `sx_config.c`, `sx_config_embedded.c` | Gemini token fetch |
| `https://code.scorpiox.net/usage-send` | HTTPS | `scorpiox-usage.c`, `sx_config_embedded.c` | Usage telemetry |
| `https://code.scorpiox.net/sessions-send` | HTTPS | `scorpiox-emit-session.c`, `sx_config_embedded.c` | Session telemetry |
| `https://dist.scorpiox.net/container-images/` | HTTPS | `scorpiox-wsl.c`, `scorpiox-vm.c`, `scorpiox-unshare.c` | Container image downloads |
| `https://dist.scorpiox.net/executables/` | HTTPS | `scorpiox-wsl.c`, `sx_bridge.c` | Executable updates |
| `https://dist.scorpiox.net/firmware/` | HTTPS | `scorpiox-vm.c` | VM BIOS/firmware |
| `https://dist.scorpiox.net/scorpiox/` | HTTPS | `sx_config.c` | Distribution packages |
| `https://dist.scorpiox.net/scorpiox/index.txt` | HTTPS | `sx_config.c` | Package index |
| `https://whisper.scorpiox.net/` | HTTPS | `scorpiox-voice.c` | Voice transcription |
| `https://login.scorpiox.net/` | HTTPS | `scorpiox-server.c` | JWT issuer |
| `https://git.scorpiox.net` | HTTPS | `sx_config_embedded.c` | Git server |
| `registry.scorpiox.net` | HTTPS | `sx_config_embedded.c` | Container registry |
| `anthropic.scorpiox.net` | HTTPS | `sx_provider_claude_code.c` | Anthropic API proxy |
| `relay.scorpiox.net:9801` | TCP | `sx_config_embedded.c` | HTTP relay server |
| `proxy.scorpiox.net:9800` | TCP | `sx_config.c` | Token proxy |

### 3.3 OAuth Token Endpoints

| Endpoint | Protocol | Source File | Purpose |
|----------|----------|-------------|---------|
| `https://console.anthropic.com/v1/oauth/token` | HTTPS | `scorpiox-claudecode-refreshtoken.c` | Claude OAuth token refresh |
| `https://auth.openai.com/oauth/token` | HTTPS | `scorpiox-codex-refreshtoken.c` | Codex OAuth token refresh |

### 3.4 Web Search Endpoints

| Endpoint | Protocol | Source File | Purpose |
|----------|----------|-------------|---------|
| `https://www.mojeek.com/search` | HTTPS | `scorpiox-websearch.c` | Mojeek search |
| `https://search.brave.com/search` | HTTPS | `scorpiox-websearch.c` | Brave search |
| `https://html.duckduckgo.com/html/` | HTTPS | `sx_agent_tools_wasm.c` | DuckDuckGo search |
| `https://www.google.com/search` | HTTPS | Config templates | Google search |
| `https://www.bing.com/search` | HTTPS | Config templates | Bing search |
| `https://search.yahoo.com/search` | HTTPS | Config templates | Yahoo search |
| `https://yandex.com/search/` | HTTPS | Config templates | Yandex search |
| `https://www.startpage.com/sp/search` | HTTPS | Config templates | Startpage search |
| `https://www.ecosia.org/search` | HTTPS | Config templates | Ecosia search |
| `https://www.qwant.com/` | HTTPS | Config templates | Qwant search |
| `https://searx.be/search` | HTTPS | Config templates | SearX search |

### 3.5 Hardcoded Internal IPs

| IP Address | Port | Source File | Purpose |
|------------|------|-------------|---------|
| `192.168.1.12` | 8045 | `sx_config_embedded.c` | Antigravity proxy (LAN) |
| `192.168.1.3` | — | `sx_config_embedded.c` | TMux remote host / SMB share |
| `192.168.1.6` | 22223 | `sx_config_embedded.c` | Claude Code SSH host |
| `20.53.240.54` | 9800 | `sx_config_embedded.c` | TCP token proxy (Azure IP) |
| `127.0.0.1` | Various | Multiple | Loopback/local relay |
| `10.0.2.3` | — | `scorpiox-unshare.c` | Slirp4netns DNS |

---

## 4. Protocol Analysis

### 4.1 HTTP/HTTPS (libcurl)

**Implementation**: `sx_http.c` wraps libcurl for all HTTP requests via `sx_http_request()`.

- **Method**: GET, POST, PUT, DELETE supported
- **Timeouts**: Configurable, defaults to 600 seconds
- **Cancel**: Supports mid-request cancellation via callback
- **Streaming**: SSE (Server-Sent Events) streaming for AI provider responses
- **Headers**: Up to 32 custom headers per request
- **CA Bundle**: Windows builds use a custom CA bundle path via `sx_get_ca_bundle_path()`

**Relay Mode**: When `HTTP_RELAY=1`, all HTTP requests are serialized over a custom `SXH1` binary protocol via plain TCP to `relay.scorpiox.net:9801`, eliminating curl/TLS dependencies on the client side. The relay server performs the actual HTTPS request.

### 4.2 Raw TCP

**Token Fetching** (`scorpiox-claudecode-fetchtoken.c`, `scorpiox-codex-fetchtoken.c`, `scorpiox-gemini-fetchtoken.c`):
- Connects to `TCP_HOST:TCP_PORT` (default: `proxy.scorpiox.net:9800` / `20.53.240.54:9800`)
- **No TLS** — raw plaintext TCP
- Server sends JSON containing OAuth access tokens on connect, then closes
- Tokens include `access_token` and `expires_at` fields
- ⚠️ **CRITICAL**: OAuth bearer tokens transmitted in cleartext

**HTTP Relay** (`sx_http_relay.c`):
- Custom binary protocol `SXH1`/`SXR1` over plain TCP
- Serializes full HTTP requests (method, URL, headers, body)
- Returns HTTP status code + response body
- Default: `127.0.0.1:9801` or configurable

### 4.3 SMTP/IMAP (Email Server)

**Inbound SMTP** (`sxmail_smtp.c`):
- Listens on ports 25 (MTA) and 587 (submission)
- Supports STARTTLS upgrade via mbedTLS
- AUTH PLAIN (base64-encoded credentials)
- DKIM signing for outbound messages

**Inbound IMAP** (`sxmail_imap.c`):
- Listens on port 993 (implicit TLS)
- Full IMAP4rev1 implementation

**Outbound SMTP** (`sxmail_queue.c`):
- MX lookup via `getaddrinfo()` + `res_query()` (DNS)
- Direct delivery to port 25 of MX host
- Smarthost relay with optional STARTTLS (mbedTLS)
- AUTH PLAIN over TLS for relay authentication

### 4.4 FRP Reverse Proxy (`sx_frp.c`)

- Implements FRP (Fast Reverse Proxy) wire protocol
- TCP → yamux multiplexing → FRP messages (JSON payloads)
- AES-128-CFB encryption on control stream
- Auth: MD5(token + timestamp) → hex string
- TLS with mbedTLS for FRP server connections (VERIFY_NONE ⚠️)
- Heartbeat ping/pong every 30 seconds

### 4.5 WebSocket (`ws2tcp.c`)

- WebSocket-to-TCP bridge for VNC (noVNC)
- Listens on port 6080
- Upgrades HTTP connections to WebSocket
- Proxies bidirectionally between WebSocket and TCP backend
- Token-based routing to different backends

### 4.6 Unix Domain Sockets (`sxmux_session.c`)

- Terminal multiplexer IPC
- `AF_UNIX` / `SOCK_STREAM`
- Socket files in `/tmp/` or runtime dir
- Binary protocol with message types (create, attach, resize, sendkeys, output, etc.)

### 4.7 Container Networking (`scorpiox-unshare.c`)

- Uses `CLONE_NEWNET` for network namespace isolation
- slirp4netns for userspace networking (TAP device)
- Port forwarding via slirp4netns API socket (`AF_UNIX`)
- DNS via slirp at `10.0.2.3` or host resolv.conf copy
- Auto-port allocation for `port+:target` syntax

---

## 5. Telemetry Assessment

**Rating: MODERATE — Two opt-in telemetry systems exist**

### 5.1 Usage Tracking (`scorpiox-usage.c`)

- **Default State**: **Disabled** (`USAGE_TRACKING=0` in both `sx_config.c` and `sx_config_embedded.c`)
- **Endpoint**: `https://code.scorpiox.net/usage-send`
- **Trigger**: Called fire-and-forget from agent loop after each API response
- **Data Sent**:
  - Session ID
  - Provider name (claude, gemini, openai)
  - Model name
  - Token counts (input, output, cache_read, cache_write)
  - Service tier
  - Project name (basename of cwd)
  - Git branch (auto-detected)
  - **Machine metadata**: hostname, username, OS, arch, OS version, scorpiox version

### 5.2 Session Event Tracking (`scorpiox-emit-session.c`)

- **Default State**: **Disabled** (`EMIT_SESSION_TRACKING=0`)
- **Endpoint**: `https://code.scorpiox.net/sessions-send`
- **Data Sent**:
  - Session ID + sequence number
  - Message type (user, assistant, tool_call, tool_result, error, thinking, system_prompt)
  - **Full message text** (up to 1MB from file)
  - Provider and model name
  - Project name, git branch
  - **Machine metadata**: hostname, username, OS, arch

### 5.3 Cache Keep-Alive (`sx_cache_keepalive.c`)

- **Not telemetry** but generates automatic network traffic
- Sends "keepalive, respond ok" to the AI provider when idle for ~4:30
- Purpose: Keep Claude's prompt cache warm
- Default: Disabled in native (`CACHE_KEEPALIVE=0`), enabled in WASM config

### 5.4 Traffic Logging

- All AI provider requests/responses logged to `.scorpiox/traffics/` directories
- Includes raw HTTP, parsed messages, and usage JSON
- **Local-only** — not transmitted unless session tracking is enabled

---

## 6. TLS/SSL Security Analysis

### 6.1 Certificate Verification Disabled — 🔴 CRITICAL

Certificate verification is explicitly disabled in **8 locations**:

| File | Line | Code | Context |
|------|------|------|---------|
| `sxmail_tls.c` | 185 | `MBEDTLS_SSL_VERIFY_NONE` | Email server TLS (inbound SMTP/IMAP) |
| `sxmail_queue.c` | 532 | `MBEDTLS_SSL_VERIFY_NONE` | Outbound SMTP relay TLS client |
| `sx_frp.c` | 1105 | `MBEDTLS_SSL_VERIFY_NONE` | FRP reverse proxy TLS |
| `scorpiox-gemini-fetchtoken.c` | 125-126 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Gemini token fetcher |
| `scorpiox-email.c` | 342-343 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Email sending via curl |
| `scorpiox-codex-refreshtoken.c` | 464-465 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Codex OAuth token refresh |
| `scorpiox-codex-fetchtoken.c` | 437-438 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Codex token fetcher |
| `scorpiox-claudecode-refreshtoken.c` | 341-342 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Claude OAuth token refresh |
| `scorpiox-claudecode-fetchtoken.c` | 341-342 | `CURLOPT_SSL_VERIFYPEER=0`, `CURLOPT_SSL_VERIFYHOST=0` | Claude token fetcher |
| `scorpiox-traffic.c` | 979 | `setenv("CURLOPT_SSL_VERIFYPEER", "0", 1)` | Traffic capture proxy |

**Impact**: All token fetch/refresh operations and email TLS are vulnerable to man-in-the-middle attacks. An attacker on the network path could intercept OAuth tokens, API keys, and email credentials.

### 6.2 TLS Version

- `sxmail_tls.c`: Enforces minimum TLS 1.2 (`MBEDTLS_SSL_VERSION_TLS1_2`) — ✅ Good
- `sxmail_queue.c`: Uses `MBEDTLS_SSL_PRESET_DEFAULT` — No explicit minimum set
- `sx_frp.c`: Uses `MBEDTLS_SSL_PRESET_DEFAULT` — No explicit minimum set
- Main HTTP via libcurl: Uses libcurl defaults (system-dependent, typically TLS 1.2+)

### 6.3 CA Bundle

- Windows builds use a custom CA bundle path (`sx_get_ca_bundle_path()`)
- Linux/macOS rely on system CA store
- No certificate pinning anywhere

### 6.4 Podman Registry

- `TMUX_PODMAN_TLS_VERIFY=false` in embedded config — disables registry TLS verification

---

## 7. Data Flow Diagrams

### 7.1 AI Provider Request Flow

```
User Input
    │
    ▼
sx.c (main loop)
    │
    ├──► sx_provider_*.c  (build JSON request)
    │         │
    │         ▼
    │    sx_http.c / sx_http_relay.c
    │         │
    │         ├──[HTTP_RELAY=0]──► libcurl ──► HTTPS ──► api.anthropic.com
    │         │                                          api.openai.com
    │         │                                          generativelanguage.googleapis.com
    │         │
    │         └──[HTTP_RELAY=1]──► TCP:9801 ──► relay.scorpiox.net ──► target API
    │
    ├──► scorpiox-usage (fire-and-forget)
    │         │
    │         └──► HTTPS POST ──► code.scorpiox.net/usage-send
    │
    └──► scorpiox-emit-session (fire-and-forget, if enabled)
              │
              └──► HTTPS POST ──► code.scorpiox.net/sessions-send
```

### 7.2 Token Acquisition Flow

```
Provider init (needs OAuth token)
    │
    ├──[TOKEN_MODE_LOCAL]──► Read ~/.claude/.credentials.json
    │
    ├──[TOKEN_MODE_REMOTE]──► HTTP GET ──► token.scorpiox.net/claude
    │                                       token.scorpiox.net/codex
    │                                       token.scorpiox.net/gemini
    │
    ├──[TOKEN_MODE_SSH]──► SSH ──► remote_host ──► cat ~/.claude/.credentials.json
    │   (uses scorpiox-sshpass with hardcoded password "xboxone")
    │
    └──[TOKEN_MODE_TCP]──► Raw TCP ──► proxy.scorpiox.net:9800
                            (20.53.240.54:9800)
                            ⚠️ PLAINTEXT — tokens in cleartext
```

### 7.3 Email Data Flow

```
Inbound:
    Remote MTA ──► TCP:25 ──► sxmail_smtp.c (EHLO/AUTH/STARTTLS)
                                │
    Remote MUA ──► TCP:587 ──► sxmail_smtp.c (submission, AUTH required)
                                │
                                ▼
                         sxmail_queue.c (local store)
                                │
    Remote MUA ──► TCP:993 ──► sxmail_imap.c (TLS, FETCH/SELECT/SEARCH)

Outbound:
    sxmail_queue.c ──► MX lookup (getaddrinfo) ──► TCP:25 ──► Remote MX
                   └──► Smarthost relay (TLS) ──► TCP:465/587 ──► Relay host
```

---

## 8. Hardcoded Credentials — 🔴 CRITICAL

The following credentials are embedded in source code (primarily in `sx_config_embedded.c` for WASM builds):

| Credential | Value | File | Risk |
|------------|-------|------|------|
| Anthropic Antigravity API Key | `sk-6088a10dc3c1473cac567069b0e557f6` | `sx_config_embedded.c:18` | API abuse |
| Z.AI API Key | `9c6fba5db3f84613aaf8700b05990835.ue19jY48d9GmddqX` | `sx_config_embedded.c:20` | API abuse |
| Gemini API Key | `AIzaSyDsvlLnCdMFXnlCLxurMaAO5RKI8IQHVA8` | `sx_config_embedded.c:73` | API abuse |
| SSH Password | `xboxone` | `scorpiox-sshpass.c:41`, `sx_config_embedded.c:115` | Remote access |
| TCP Host IP | `20.53.240.54` | `sx_config_embedded.c` | Infrastructure exposure |

---

## 9. DNS Resolution Analysis

### 9.1 DNS Calls

| Function | File | Purpose |
|----------|------|---------|
| `getaddrinfo()` | `sxmail_queue.c:324` | MX host resolution for outbound email delivery |
| `getaddrinfo()` | `sxmail_queue.c:653` | SMTP relay host resolution |
| `getaddrinfo()` | `scorpiox-server-http2tcp.c:337` | HTTP relay server binding |
| `getaddrinfo()` | `sx_frp.c` (via connect) | FRP server resolution |
| `getaddrinfo()` | `scorpiox-claudecode-fetchtoken.c` | TCP token host resolution |
| `res_query()` | `sxmail_queue.c` | MX record DNS queries |

### 9.2 Domains Resolved at Runtime

All domains in the endpoint inventory (Section 3) are resolved via standard system DNS. No custom DNS resolver is used. No DNS-over-HTTPS or DNS-over-TLS.

DNS audit logging is configurable (`DNS_AUDIT_LOG=0/1`, `DNS_AUDIT_LOG_DIR=/var/log/scorpiox-dns`) but disabled by default.

---

## 10. Data Exfiltration Pattern Analysis

### 10.1 Base64 + Network Send

Base64 encoding is used in the following network contexts:

| Pattern | File | Risk Assessment |
|---------|------|-----------------|
| AUTH PLAIN (base64 credentials) → SMTP send | `sxmail_smtp.c`, `sxmail_queue.c` | **Expected** — standard SMTP auth |
| DKIM signature (base64) → SMTP header | `sxmail_dkim.c` | **Expected** — standard DKIM |
| Image data (base64) → AI API POST | `sx_api.h` (image_result) | **Expected** — vision/image tool |
| Audio file → HTTP POST (multipart) | `scorpiox-voice.c` | **Expected** — voice transcription |

### 10.2 File Read + Network Send

| Pattern | File | Risk Assessment |
|---------|------|-----------------|
| Credential files → TCP/HTTP/SSH | `scorpiox-*-fetchtoken.c` | **Expected** — token management |
| Session text (up to 1MB) → HTTPS POST | `scorpiox-emit-session.c` | **⚠️ Potential concern** — sends full conversation including tool outputs when enabled |
| Email message body → SMTP relay | `sxmail_queue.c` | **Expected** — email relay |
| Audio WAV → HTTP POST | `scorpiox-voice.c` | **Expected** — transcription |

### 10.3 Assessment

No **unintentional** data exfiltration patterns detected. All file-read-to-network patterns serve legitimate application purposes. However, the **session tracking** feature (`EMIT_SESSION_TRACKING=1`) would transmit complete conversation transcripts including tool outputs, file contents, and command results to `code.scorpiox.net`.

---

## 11. Risk Assessment

### 11.1 Risk Matrix

| Risk | Likelihood | Impact | Severity | Description |
|------|-----------|--------|----------|-------------|
| MITM on token fetch | Medium | Critical | 🔴 **CRITICAL** | SSL verification disabled on all token fetch/refresh operations. Attacker can intercept OAuth tokens. |
| Hardcoded credential exposure | High | High | 🔴 **CRITICAL** | API keys and SSH passwords in source code. Any binary distribution leaks these. |
| Plaintext token transport | Medium | Critical | 🟠 **HIGH** | Raw TCP token fetch (port 9800) sends OAuth tokens without encryption. |
| Session data exfiltration | Low | High | 🟡 **MEDIUM** | When `EMIT_SESSION_TRACKING=1`, full conversations sent to scorpiox.net. Disabled by default. |
| Broad attack surface | Medium | Medium | 🟡 **MEDIUM** | 20+ external endpoints; compromise of any proxy/relay endpoint (scorpiox.net) could intercept all AI traffic. |
| Container registry insecure | Low | Medium | 🟡 **MEDIUM** | `TMUX_PODMAN_TLS_VERIFY=false` allows MITM on container pulls. |
| Email server exposure | Medium | Medium | 🟡 **MEDIUM** | SMTP on port 25 with `VERIFY_NONE` TLS; IMAP TLS with `VERIFY_NONE`. |
| FRP tunnel MITM | Low | Medium | 🟡 **MEDIUM** | FRP TLS with `VERIFY_NONE`; attacker could intercept tunneled traffic. |
| DNS resolution (no DNSSEC) | Low | Low | 🟢 **LOW** | Standard system DNS; MX lookups could be poisoned. |

### 11.2 Recommendations

1. **CRITICAL: Enable TLS certificate verification** — Replace all `CURLOPT_SSL_VERIFYPEER=0` and `MBEDTLS_SSL_VERIFY_NONE` with proper verification. Use system CA store or bundled CA certificates.

2. **CRITICAL: Remove hardcoded credentials** — Move all API keys, passwords, and tokens to environment variables or a secrets manager. Never embed in source code.

3. **HIGH: Encrypt token transport** — Add TLS to the raw TCP token fetch protocol (port 9800). Use the existing mbedTLS integration.

4. **MEDIUM: Add certificate pinning** — Pin certificates for critical endpoints (api.anthropic.com, api.openai.com, code.scorpiox.net).

5. **MEDIUM: Audit session tracking** — Document what data is collected when `EMIT_SESSION_TRACKING=1`. Consider excluding tool output content.

6. **MEDIUM: Set minimum TLS versions** — Explicitly set `mbedtls_ssl_conf_min_tls_version(TLS1_2)` on all mbedTLS connections, not just sxmail_tls.c.

7. **LOW: Implement DNSSEC validation** — For MX lookups and critical hostname resolution.

---

## 12. Appendix: Source Files with Network Activity

| File | Lines | Network Role |
|------|-------|-------------|
| `libsxnet/sx_http.c` | 274 | HTTP client (libcurl wrapper) |
| `libsxnet/sx_http_relay.c` | ~250 | TCP relay client for HTTP |
| `libsxnet/sx_http_wasm.c` | — | WASM HTTP (Emscripten fetch) |
| `libsxnet/sx_provider_anthropic.c` | — | Anthropic API client |
| `libsxnet/sx_provider_claude_code.c` | — | Claude Code API client |
| `libsxnet/sx_provider_codex.c` | — | OpenAI Codex API client |
| `libsxnet/sx_provider_openai.c` | — | OpenAI-compatible provider |
| `libsxnet/sx_provider_gemini.c` | — | Gemini API provider |
| `libsxnet/sx_provider_scorpiox.c` | — | ScorpioX router provider |
| `libsxnet/sx_frp.c` | ~1500 | FRP reverse proxy client |
| `libsxnet/sx_host.c` | — | Host integration (polling) |
| `libsxnet/sx_mcp.c` | — | MCP tool integration |
| `sxmail_smtp.c` | — | SMTP server |
| `sxmail_imap.c` | — | IMAP server |
| `sxmail_queue.c` | — | SMTP outbound queue + MX delivery |
| `sxmail_tls.c` | — | TLS wrapper (mbedTLS) |
| `sxmail_dkim.c` | — | DKIM signing |
| `scorpiox-server.c` | ��� | HTTP server |
| `scorpiox-server-http2tcp.c` | — | HTTP-over-TCP relay server |
| `scorpiox-server-fetchtoken.c` | — | Token distribution server |
| `scorpiox-server-email.c` | — | Email server orchestrator |
| `scorpiox-claudecode-fetchtoken.c` | — | Claude token fetcher |
| `scorpiox-claudecode-refreshtoken.c` | — | Claude token refresher |
| `scorpiox-codex-fetchtoken.c` | — | Codex token fetcher |
| `scorpiox-codex-refreshtoken.c` | — | Codex token refresher |
| `scorpiox-gemini-fetchtoken.c` | — | Gemini token fetcher |
| `scorpiox-usage.c` | — | Usage telemetry sender |
| `scorpiox-emit-session.c` | — | Session telemetry sender |
| `scorpiox-websearch.c` | — | Web search client |
| `scorpiox-voice.c` | — | Voice transcription client |
| `scorpiox-fetch.c` | — | General URL fetcher |
| `scorpiox-traffic.c` | — | HTTP traffic capture |
| `scorpiox-unshare.c` | — | Container networking |
| `scorpiox-wsl.c` | — | WSL container management |
| `scorpiox-vm.c` | — | VM management |
| `scorpiox-thunderbolt4.c` | — | Raw Ethernet (BPF) transfers |
| `scorpiox-sshpass.c` | — | SSH password helper |
| `bridge/ws2tcp.c` | — | WebSocket-to-TCP bridge |
| `sxmux_session.c` | — | Unix socket IPC |

---

*End of Network Audit Report*
