# Third-Party Software Security Review — ScorpioX Code

**Software:** ScorpioX Code
**Type:** AI-Powered Development Tool / CLI Platform
**Language:** Pure C (zero external dependencies)
**Audit Date:** 2026-04-28
**Codebase Commit:** `9bfa5b461aa008cd7a1713d37c9aa6c44cecc4ce`
**Classification:** CONFIDENTIAL — For Corporate Review Only

---

## 1. Executive Summary

This report presents a comprehensive security audit of ScorpioX Code, an AI-powered development tool and CLI platform written in pure C. The audit was performed by 13 specialized automated agents, each analyzing a distinct security domain across 378,558 total lines of code (151,487 project code, 226,685 vendor code).

### Overall Risk Rating: **HIGH**

The software demonstrates exceptional discipline in several areas — notably **zero uses of unsafe string functions** (strcpy, strcat, gets, scanf), a safe-to-unsafe function ratio exceeding 2,800:1, **all telemetry disabled by default**, and comprehensive use of bounded buffer operations. However, significant risks persist in TLS certificate verification (systematically disabled across token fetchers and email), command injection vectors in network-reachable code paths, a complete absence of cryptographic integrity verification for binary distribution, and sensitive data exposure through log files.

### Aggregate Findings

| Severity | Count |
|----------|-------|
| **Critical** | 13 |
| **High** | 33 |
| **Medium** | 120 |
| **Low** | 28 |
| **Informational** | 355 |
| **Total** | **549** |

**Windows-Filtered Findings (excluding Linux/macOS-only):** 11 Critical, 28 High, 118 Medium, 28 Low — **185 actionable findings**.

### Key Strengths
- Zero external package manager dependencies (core build)
- All third-party code vendored in-tree with known versions
- Fully static linking eliminates runtime dependency attacks
- No tracking or telemetry by default — all opt-in
- Exceptional buffer safety: 2,213 `snprintf` calls, 0 `strcpy`/`strcat`/`sprintf` in project code
- Strong Windows deployment posture (LOW risk per Windows-specific audit)

### Critical Concerns
1. **No cryptographic verification** of distributed binaries (no checksums, signatures, or code signing)
2. **SSL certificate verification disabled** in token fetchers and email module (MITM risk)
3. **Command injection** vectors in network-reachable server code (Windows CGI path)
4. **Sensitive data logged to disk** including API keys in HTTP headers and VTRACE config dumps
5. **Outdated vendored mbedTLS** (3.6.3 vs 3.6.6) with 11 unpatched security advisories

---

## 2. Deployment Scope — Windows Workstation

### Primary Deployment: Windows Workstation

The following binaries are compiled and deployed on Windows:

| Category | Binaries |
|----------|----------|
| **Core CLI** | `sx.exe`, `scorpiox-config.exe`, `scorpiox-bash.exe`, `scorpiox-vi.exe` |
| **Shell & Tools** | `scorpiox-busybox.exe`, `scorpiox-pwsh.exe`, `scorpiox-wsl.exe` |
| **AI/API** | `scorpiox-agent.exe`, `scorpiox-openai.exe`, `scorpiox-gemini.exe` |
| **Networking** | `scorpiox-fetch.exe`, `scorpiox-websearch.exe`, `scorpiox-dns.exe` |
| **Media** | `scorpiox-screenshot.exe`, `scorpiox-renderimage.exe`, `scorpiox-voice.exe` |
| **Auth/Token** | `scorpiox-claudecode-fetchtoken.exe`, `scorpiox-codex-fetchtoken.exe`, `scorpiox-gemini-fetchtoken.exe` |
| **Server** | `scorpiox-server.exe`, `scorpiox-server-email.exe`, `scorpiox-server-http2tcp.exe` |
| **Utilities** | `scorpiox-conv.exe`, `scorpiox-debug.exe`, `scorpiox-email.exe`, `scorpiox-frp.exe`, `scorpiox-hook.exe`, `scorpiox-host.exe`, `scorpiox-kql.exe`, `scorpiox-logger.exe`, `scorpiox-mcp.exe`, `scorpiox-mirror-git.exe`, `scorpiox-multiplexer.exe`, `scorpiox-otp.exe`, `scorpiox-planmode.exe`, `scorpiox-printlogs.exe`, `scorpiox-rewind.exe`, `scorpiox-runtest.exe`, `scorpiox-sdk.exe`, `scorpiox-search.exe`, `scorpiox-skills.exe`, `scorpiox-systemprompt.exe`, `scorpiox-tasks.exe`, `scorpiox-tmux.exe`, `scorpiox-transcript.exe`, `scorpiox-usage.exe`, `scorpiox-vault-git.exe`, `scorpiox-emit-session.exe`, `scorpiox-executecurl.exe`, `scorpiox-askuserquestion.exe`, `scorpiox-beam.exe`, `scorpiox-docs.exe`, `scorpiox-server-fetchtoken.exe` |
| **Library** | `libsx.dll` |

**Total Windows binaries: ~58 executables + 1 DLL**

### Linux-Only Binaries (Not Deployed on Windows)

| Binary | Purpose |
|--------|---------|
| `scorpiox-unshare` | Rootless container runtime (Linux namespaces) |
| `scorpiox-vm` | QEMU/KVM hypervisor manager |
| `scorpiox-init` | Container init process |
| `scorpiox-sshpass` | PTY-based SSH password feeder |
| `scorpiox-traffic` | Network traffic proxy |
| `scorpiox-podman` | Podman container integration |
| `scorpiox-cron` | Cron job scheduler |
| `scorpiox-whatsapp` | WhatsApp bridge manager |

### macOS-Only Binaries
| Binary | Purpose |
|--------|---------|
| `scorpiox-imessage` | iMessage AppleScript bridge |

### Windows-Filtered Risk Summary

After excluding Linux-only and macOS-only findings:

| Severity | All Platforms | Windows-Relevant | Excluded |
|----------|--------------|-------------------|----------|
| Critical | 13 | **11** | 2 (unshare privileged, curl\|bash Linux install) |
| High | 33 | **28** | 5 (unshare, sshpass, imessage, podman) |
| Medium | 120 | **118** | 2 (unshare namespace, auto-subuid) |
| Low | 28 | **28** | 0 |
| **Actionable Total** | **194** | **185** | **9** |

---

## 3. Changes Since Last Audit

**Previous Audit:** `output/2026-04-28_4d61a6a` (commit `4d61a6a`)
**Previous Agents:** 11 (supply-chain through windows-deployment)
**Current Agents:** 13 (added telemetry-tracking, install-script)

### Severity Comparison

| Severity | Previous | Current | Delta | Notes |
|----------|----------|---------|-------|-------|
| Critical | 10 | 13 | **+3** | Install script audit added 4 new CRITICAL findings |
| High | 25 | 33 | **+8** | Install script (4), expanded memory-safety analysis |
| Medium | 70 | 120 | **+50** | Memory-safety error-path leaks (82) now enumerated individually |
| Low | 123 | 28 | **−95** | Reclassification: many prior LOW findings moved to INFO |
| Info | 167 | 355 | **+188** | Memory-safety dangling pointers (291) now tracked as INFO |
| **Total** | **395** | **549** | **+154** | Expanded audit scope (2 new agents) + deeper analysis |

### Key Changes
1. **New: Telemetry & Tracking Audit** — Confirmed all telemetry disabled by default (LOW risk)
2. **New: Install Script Audit** — Uncovered 4 CRITICAL findings in binary distribution pipeline
3. **Memory Safety** — Deeper analysis now tracks 291 INFO-level dangling pointer risks and 82 MEDIUM error-path memory leaks
4. **Codebase Size** — Reduced from 398,610 to 378,558 total lines (cleanup of duplicate/plan files)

---

## 4. Supply Chain & Dependencies

**Agent Risk Rating: MEDIUM**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | MEDIUM | Vendored mbedTLS 3.6.3 is 3 patch releases behind LTS 3.6.6 — 11 security advisories unpatched |
| 2 | MEDIUM | Two pre-built ELF binaries committed to repository (`bridge/scorpiox-ws2tcp`, ARM64 variant) |
| 3 | LOW | npm release candidate dependency (`@whiskeysockets/baileys@7.0.0-rc.9`) |
| 4 | LOW | ~105 transitive npm dependencies in bridge component |
| 5 | INFO | All system dependencies (libcurl, OpenSSL, zlib) are standard OS-packaged libraries |
| 6 | INFO | yyjson 0.12.0 is current — no known CVEs |
| 7 | INFO | gnuwin64 vendor contains only download scripts, no committed binaries |
| 8 | INFO | Lock file (`bun.lock`) committed with integrity hashes |

### Recommendations
- **Update mbedTLS to 3.6.6** — addresses buffer overflow, TLS 1.3 client impersonation, ECDSA stack overflow
- Remove pre-built binaries from source tree; build from source in CI
- Pin npm dependency to stable release

---

## 5. Build System & Code Provenance

**Agent Risk Rating: LOW**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | MEDIUM | Missing linker hardening flags (RELRO, noexecstack) — mitigated by static linking default |
| 2 | MEDIUM | Bridge Makefile lacks `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` |
| 3 | LOW | Model header code generator (`tests/code_generator_models.py`) fetches from network at build time |
| 4 | LOW | Suppressed GCC warnings (`-Wno-format-truncation`, `-Wno-stringop-truncation`) |
| 5 | LOW | No reproducible build mechanism (no build provenance attestation) |
| 6 | INFO | C11 standard, CMake 3.16+, pure C project |
| 7 | INFO | Static linking default (`SX_STATIC_LINK=ON`) reduces runtime attack surface |
| 8 | INFO | `fstack-protector-strong` enabled on all builds |
| 9 | INFO | `_FORTIFY_SOURCE=2` enabled for release builds |
| 10 | INFO | `fcf-protection` enabled for GCC builds |

### Hardening Flags Summary

| Flag | Status |
|------|--------|
| `-Wall -Wextra` | ✅ Enabled |
| `-fstack-protector-strong` | ✅ Enabled |
| `-D_FORTIFY_SOURCE=2` | ✅ Release builds |
| `-fcf-protection` | ✅ GCC builds |
| `-Wl,-z,relro -Wl,-z,now` | ❌ Missing (mitigated by static linking) |
| `-fPIE -pie` | ❌ N/A for static builds |
| `-fstack-clash-protection` | ❌ Missing |

---

## 6. Network Endpoints

**Agent Risk Rating: HIGH**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | CRITICAL | Hardcoded private network IP (192.168.1.12:8045) with default credential path for Anthropic proxy |
| 2 | CRITICAL | Hardcoded public IP (20.53.240.54) as default TCP relay host |
| 3 | HIGH | Plaintext HTTP endpoints for authentication token retrieval (token.scorpiox.net) |
| 4 | HIGH | PAT (Personal Access Token) injected into HTTPS clone URLs |
| 5 | HIGH | HTTP metadata endpoints (`169.254.169.254`) for cloud token retrieval |
| 6 | HIGH | FRP tunnel configuration with hardcoded server endpoint |
| 7 | HIGH | SSH connection strings with credential interpolation |
| 8 | MEDIUM | 10+ hardcoded `dist.scorpiox.net` URLs for binary distribution |
| 9 | MEDIUM | Hardcoded DNS resolvers (1.1.1.1, 8.8.8.8) |
| 10 | MEDIUM | OAuth2 token exchange URLs for Google, Microsoft identity providers |

### Network Inventory Summary
- **49 unique hardcoded URLs** across source code
- **15+ unique hardcoded IP addresses**
- **12 hardcoded ports**
- **9+ unique domain names**

### Recommendations
- Migrate all `http://` token endpoints to `https://`
- Remove hardcoded private IPs from compiled defaults
- Use DNS hostnames instead of IP addresses for infrastructure references
- Implement configurable endpoint registry

---

## 7. TLS/SSL Security

**Agent Risk Rating: HIGH**

### Key Findings

| # | Severity | Finding | CWE |
|---|----------|---------|-----|
| 1 | CRITICAL | SSL verification disabled in 3 token fetchers (`CURLOPT_SSL_VERIFYPEER=0`) | CWE-295 |
| 2 | CRITICAL | SSL verification disabled for SMTP/TLS email sending | CWE-295 |
| 3 | HIGH | Authentication tokens fetched over plaintext HTTP | CWE-319 |
| 4 | HIGH | Traffic proxy disables all upstream certificate validation | CWE-295 |
| 5 | HIGH | FRP tunnel client uses mbedTLS with `MBEDTLS_SSL_VERIFY_NONE` | CWE-295 |
| 6 | HIGH | OAuth token exchange over unverified connections | CWE-295 |
| 7 | HIGH | Vendored mbedTLS 3.6.3 has known TLS 1.3 impersonation vulnerability | CWE-295 |
| 8 | MEDIUM | No certificate pinning for any first-party services | CWE-295 |
| 9 | MEDIUM | Mixed use of system CA store and disabled verification across modules | — |
| 10 | LOW | `TMUX_PODMAN_TLS_VERIFY` defaults to `false` | CWE-295 |

### TLS Verification Status by Module

| Module | Verification | Status |
|--------|-------------|--------|
| `scorpiox-gemini-fetchtoken` | Disabled | ❌ CRITICAL |
| `scorpiox-codex-fetchtoken` | Disabled | ❌ CRITICAL |
| `scorpiox-claudecode-fetchtoken` | Disabled | ❌ CRITICAL |
| `scorpiox-email` | Disabled | ❌ CRITICAL |
| `scorpiox-traffic` | Disabled (by design — proxy) | ⚠️ HIGH |
| `scorpiox-frp` | Disabled (mbedTLS) | ⚠️ HIGH |
| `scorpiox-codex-refreshtoken` | **Enabled** | ✅ |
| `scorpiox-claudecode-refreshtoken` | **Enabled** | ✅ |
| `sx` (main AI client) | System CA store | ✅ |

### Recommendations
- Enable certificate verification in ALL token fetchers (set `CURLOPT_SSL_VERIFYPEER=1L`, `CURLOPT_SSL_VERIFYHOST=2L`)
- Add runtime flag for development self-signed cert bypass instead of unconditional disable
- Migrate all HTTP token endpoints to HTTPS
- Update mbedTLS to 3.6.6

---

## 8. Hardcoded Credentials

**Agent Risk Rating: LOW**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | MEDIUM | Placeholder API key `"xxx"` compiled as default for `OPENAI_API_KEY` |
| 2 | LOW | SSH credential placeholder fields (`_PASS`) in compiled defaults |
| 3 | LOW | Hardcoded infrastructure IPs (192.168.1.12, 20.53.240.54) in defaults |
| 4 | INFO | 20+ API key fields correctly initialized to empty strings |
| 5 | INFO | `sx_config_is_sensitive()` function properly redacts known secret fields |

### Positive Patterns
- Configuration cascade design: environment variables → config files → compiled defaults
- Sensitive field redaction function exists and covers all credential keys
- No real API keys, passwords, or tokens found in source code

### Recommendations
- Replace `"xxx"` placeholder with empty string `""` for `OPENAI_API_KEY`
- Remove `_PASS` fields from compiled defaults entirely
- Move infrastructure IPs to runtime-only configuration

---

## 9. File I/O & Data Handling

**Agent Risk Rating: HIGH**

### Key Findings

| # | Severity | Finding | CWE |
|---|----------|---------|-----|
| 1 | CRITICAL | API request/response bodies logged to disk including API keys in HTTP headers | CWE-532 |
| 2 | CRITICAL | Config VTRACE logs ALL key-value pairs including secrets (bypasses redaction) | CWE-532 |
| 3 | HIGH | Predictable temp file names enable symlink attacks (TOCTOU) | CWE-377 |
| 4 | HIGH | Hardcoded log paths with world-readable default permissions (0644) | CWE-732 |
| 5 | HIGH | Session conversation files readable by all local users | CWE-732 |
| 6 | MEDIUM | No file locking on concurrent config reads/writes | CWE-362 |
| 7 | MEDIUM | Downloaded files stored without integrity verification | CWE-354 |
| 8 | MEDIUM | Email body written to temp file before sending (plaintext) | CWE-312 |
| 9 | MEDIUM | WSL overlay filesystem operations use predictable paths | CWE-377 |
| 10 | MEDIUM | Container image extraction without path traversal checks (tar) | CWE-22 |

### Positive Patterns
- `mkstemp()` used in 11 locations (inconsistent application)
- `realpath()` used for path traversal validation in some modules
- Config redaction function exists for log output

### Recommendations
- Redact `x-api-key` and `Authorization` headers before logging
- Apply `sx_config_is_sensitive()` to VTRACE logging
- Set all log and session file permissions to 0600
- Replace ALL predictable temp file patterns with `mkstemp()`/`mkdtemp()`

---

## 10. Buffer Safety

**Agent Risk Rating: LOW**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | MEDIUM | 5 locations where unclamped `snprintf` return value passed to `send_all()` (potential OOB read on truncation) |
| 2 | MEDIUM | 4 locations where HTTP response headers constructed without clamping `snprintf` return |
| 3 | MEDIUM | `url_encode()` theoretical integer overflow on 32-bit: `len * 3 + 1` |
| 4 | MEDIUM | `sxmail_dkim.c:414` — 32KB stack buffer for DKIM signing |
| 5 | MEDIUM | `scorpiox-tmux.c:2323` — 16KB stack buffer for command assembly |
| 6 | LOW | Single `sprintf` in vendored yyjson (conditional fallback path) |
| 7 | LOW | `strncpy` used in 593 locations — proper `sizeof()-1` pattern but no NUL guarantee on exact-fit |

### Exceptional Metrics

| Metric | Value |
|--------|-------|
| `sprintf` calls (project code) | **0** |
| `strcpy` calls | **0** |
| `strcat` calls | **0** |
| `gets` calls | **0** |
| `scanf` calls | **0** |
| `snprintf` calls | **2,213** |
| `strncpy` calls | **593** |
| Safe-to-unsafe ratio | **>2,800:1** |
| Stack buffers ≥ 4KB | 214 (all bounded with `sizeof()`) |

---

## 11. Memory Safety

**Agent Risk Rating: HIGH**

### Key Findings

| # | Severity | Count | Finding |
|---|----------|-------|---------|
| 1 | HIGH | 5 | Missing NULL checks after `calloc()` in `sx.c` (AgentThread allocation) |
| 2 | HIGH | 1 | `realloc()` result assigned directly to source pointer in `sx_mcp.c` (memory leak on failure) |
| 3 | MEDIUM | 82 | Memory leaks on error paths — allocations not freed before early return |
| 4 | INFO | 291 | Freed pointers not set to NULL (dangling pointer risk) |

### Analysis Summary

| Category | Count | Severity |
|----------|-------|----------|
| Missing `malloc`/`calloc` NULL check | 5 | HIGH |
| Realloc overwrite pattern | 1 | HIGH |
| Memory leak on error path | 82 | MEDIUM |
| Free without NULL assignment | 291 | INFO |

### Recommendations
- Add NULL checks after all 5 `calloc()` calls in `sx.c`
- Use temporary variable for `realloc()` in `sx_mcp.c`
- Prioritize error-path leak fixes in network-facing modules
- Consider adopting a `FREE_AND_NULL()` macro project-wide

---

## 12. Command Injection

**Agent Risk Rating: CRITICAL**

### Key Findings

| # | Severity | Finding | CVSS |
|---|----------|---------|------|
| 1 | CRITICAL | `scorpiox-docs.c` — URL injected into `system()` without sanitization | 7.8 (local) |
| 2 | CRITICAL | `scorpiox-server.c` — Windows CGI `QUERY_STRING`/`PATH_INFO` not sanitized in `_popen()` | **9.8** (network) |
| 3 | HIGH | `scorpiox-imessage.c` — AppleScript injection via incomplete escaping (macOS-only) | 8.6 |
| 4 | HIGH | `scorpiox-wsl.c` — Environment variable injection into chroot shell command | 7.8 |
| 5 | HIGH | `scorpiox-sdk.c` — SDK repo path injected into shell commands | 7.8 |
| 6 | HIGH | `scorpiox-unshare.c` — Container hostname/command injection (Linux-only) | 7.8 |
| 7 | MEDIUM | `scorpiox-multiplexer.c` — Session name used in `system()` | 6.5 |
| 8 | MEDIUM | `scorpiox-tmux.c` — Project path interpolated into shell commands | 6.5 |
| 9 | MEDIUM | `scorpiox-host.c` — Hostname injected into shell strings | 6.5 |
| 10 | MEDIUM | `scorpiox-kql.c` — KQL query passed to `system()` | 6.5 |

### System Call Inventory

| Function | Count (project code) |
|----------|---------------------|
| `system()` | 77+ |
| `popen()` | 30+ |
| `exec*()` | 40+ |

### Windows-Critical: C2 (CVSS 9.8)
The `scorpiox-server.c` Windows CGI path uses `_popen()` with unsanitized `QUERY_STRING` and `PATH_INFO` from HTTP requests. An attacker can break out of the `set "..."` command on Windows to execute arbitrary commands remotely. **This is the highest-severity finding in the entire audit.**

### Recommendations
- **Immediate:** Sanitize `QUERY_STRING` and `PATH_INFO` in `scorpiox-server.c` using `SX_SANITIZE_CMD` (already applied to other variables in the same function)
- Replace `system()` with `fork()+execvp()` (or `CreateProcessW` on Windows) wherever possible
- Implement and enforce `is_safe_shell_arg()` validation for all user-supplied shell arguments

---

## 13. Privilege & Access Control

**Agent Risk Rating: MEDIUM**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | CRITICAL | `scorpiox-unshare --privileged` runs container with full root capabilities (Linux-only) |
| 2 | HIGH | `scorpiox-wsl` uses `chroot` with shell-interpolated environment variables (Windows) |
| 3 | HIGH | `scorpiox-sshpass` disables SSH host key verification by default (Linux-only) |
| 4 | HIGH | `scorpiox-unshare` auto-creates `/etc/subuid` and `/etc/subgid` when root (Linux-only) |
| 5 | HIGH | Multiple server components bind to `0.0.0.0` by default (all interfaces) |
| 6 | HIGH | DNS server (`scorpiox-dns`) listens on privileged port 53 |
| 7 | HIGH | `newuidmap`/`newgidmap` setuid helper reliance (Linux-only) |
| 8 | MEDIUM | No rate limiting or authentication on local server endpoints |
| 9 | MEDIUM | Container hostname written to `/etc/hostname` inside namespace |
| 10 | MEDIUM | JWT validation uses hardcoded issuer/audience URLs |
| 11 | MEDIUM | Server email component stores SMTP credentials in config |
| 12 | MEDIUM | `setgroups` allowed when full UID range available |

### Windows-Relevant Privilege Findings
After excluding Linux-only findings (unshare, sshpass, podman, cron):
- **0 Critical** (the unshare `--privileged` finding is Linux-only)
- **3 High** (WSL chroot, server bind 0.0.0.0, DNS port 53)
- **3 Medium** (no rate limiting, JWT hardcoded, SMTP creds)

### Positive Patterns
- Main `sx` binary runs entirely as unprivileged user
- No `setuid`/`setgid` calls in any Windows binary
- No capability manipulation on Windows
- Process monitoring subsystem tracks child process lifecycle

---

## 14. Windows Deployment Analysis

**Agent Risk Rating: LOW**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | INFO | MinGW static linking with vendored mbedTLS and yyjson |
| 2 | INFO | `scorpiox-wsl` uses `_spawnvp()` instead of `system()` — safe pattern |
| 3 | INFO | Self-update uses atomic NTFS rename chain |
| 4 | INFO | `scorpiox-busybox` is offline-only with minimal attack surface |
| 5 | INFO | No Windows-specific privilege escalation (no service installation, no registry modification) |
| 6 | INFO | Windows Defender / SmartScreen may flag unsigned executables |
| 7 | INFO | `CreateProcessA()` used safely for process spawning |
| 8 | INFO | WinInet API used for HTTPS downloads (inherits system TLS settings) |

### Windows-Specific Security Posture

| Property | Status |
|----------|--------|
| Code signing | ❌ Not implemented |
| Windows service installation | ❌ Not applicable (CLI tool) |
| Registry modification | ❌ None |
| UAC elevation | ❌ Not required |
| Windows Firewall rules | ❌ Not modified |
| `system()` on Windows | Limited — `_spawnvp()` preferred |
| DLL search order hijacking | Low risk — static linking minimizes DLLs |

### Assessment
The Windows deployment profile is **clean**. The software operates as an unprivileged CLI application with no system-level modifications. The primary risk on Windows is the unsigned binary distribution (may trigger SmartScreen warnings) and the CGI command injection in `scorpiox-server.c` (covered in Section 12).

---

## 15. Telemetry and Tracking

**Agent Risk Rating: LOW**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | LOW | Documentation bug: help text states `USAGE_TRACKING` defaults to `1` but compiled default is `"0"` |
| 2 | INFO | All telemetry disabled by default (`USAGE_TRACKING=0`, `EMIT_SESSION_TRACKING=0`) |
| 3 | INFO | No mandatory data collection — zero data sent unless user explicitly enables |
| 4 | INFO | Usage tracking collects hostname, username, project name when enabled |
| 5 | INFO | Session telemetry sends full conversation content when enabled (documented) |
| 6 | INFO | No third-party analytics, advertising SDKs, or fingerprinting |
| 7 | INFO | Update check only in `scorpiox-wsl` helper, not main `sx` binary |
| 8 | INFO | WhatsApp bridge auto-download only triggers when feature explicitly used |

### Telemetry Configuration Defaults

| Feature | Default | User Control |
|---------|---------|-------------|
| Usage tracking | **Disabled** (`0`) | `USAGE_TRACKING` config key |
| Session telemetry | **Disabled** (`0`) | `EMIT_SESSION_TRACKING` config key |
| Auto-update check | **Disabled** (empty URL) | `UPDATE_URL` config key |
| Bridge auto-download | **On-demand** | Only when WhatsApp feature used |

### Assessment
**Excellent privacy posture.** No tracking by default, no mandatory data collection, full user control over all telemetry features. The session telemetry feature (which sends conversation content) is appropriately documented as sensitive and disabled by default.

---

## 16. Install Script & Distribution Security

**Agent Risk Rating: CRITICAL**

### Key Findings

| # | Severity | Finding |
|---|----------|---------|
| 1 | CRITICAL | **No cryptographic integrity verification** of any downloaded binary (no checksums, GPG, code signing) |
| 2 | CRITICAL | `curl -k` disables TLS verification during binary downloads in tmux and podman modules |
| 3 | CRITICAL | Hardcoded NAS/SMB credentials for distribution server in plaintext across 15+ files |
| 4 | CRITICAL | `curl\|bash` install pattern executes remote code without any verification |
| 5 | HIGH | Self-update uses file-size comparison only (no hash or signature) |
| 6 | HIGH | Bridge binary auto-download has no integrity verification |
| 7 | HIGH | No reproducible build process or build provenance attestation |
| 8 | HIGH | Distribution server backed by SMB share with shared credentials |
| 9 | MEDIUM | Container image downloads have no integrity checks |
| 10 | MEDIUM | Install path `~/.scorpiox` not protected by restrictive permissions |
| 11 | MEDIUM | Same-size binary replacement not detected by update mechanism |
| 12 | MEDIUM | No rollback mechanism for failed updates |
| 13 | LOW | `index.txt` branch resolution fetched over HTTP without verification |
| 14 | LOW | No uninstall mechanism |
| 15 | LOW | `chmod 0755` on all downloaded binaries without content validation |
| 16 | INFO | Hardcoded SSH passwords for build hosts in release scripts |
| 17 | INFO | `TMUX_PODMAN_TLS_VERIFY` defaults to `false` |
| 18 | INFO | No Windows `iwr\|iex` install pattern (Windows uses WSL launcher) |

### Recommendations (Priority Order)
1. **Implement SHA-256 checksum verification** for all binary downloads (publish checksums alongside binaries)
2. **Implement code signing** (Authenticode for Windows, GPG for Linux)
3. **Remove `curl -k`** from all download paths
4. **Remove hardcoded NAS credentials** from source code
5. Implement binary hash verification in self-update mechanism
6. Add reproducible build pipeline with provenance attestation

---

## 17. Consolidated Risk Matrix

| Area | Finding | Severity | Windows | Recommendation |
|------|---------|----------|---------|----------------|
| Install/Distribution | No cryptographic verification of binaries | CRITICAL | ✅ | Implement SHA-256 checksums + code signing |
| Install/Distribution | `curl -k` disables TLS during downloads | CRITICAL | ✅ | Remove `curl -k` flag |
| Install/Distribution | Hardcoded NAS/SMB credentials in source | CRITICAL | ✅ | Move to secrets management |
| Install/Distribution | `curl\|bash` install pattern | CRITICAL | ❌ | Provide package manager / signed installer |
| TLS Security | SSL verification disabled in token fetchers | CRITICAL | ✅ | Set `VERIFYPEER=1`, `VERIFYHOST=2` |
| TLS Security | SSL verification disabled for SMTP email | CRITICAL | ✅ | Enable certificate validation |
| Network Endpoints | Hardcoded private IP with credential path | CRITICAL | ✅ | Move to runtime config |
| Network Endpoints | Hardcoded public IP as default host | CRITICAL | ✅ | Use DNS hostname |
| File I/O | API keys logged to disk in HTTP headers | CRITICAL | ✅ | Redact sensitive headers |
| File I/O | VTRACE logs all secrets in plaintext | CRITICAL | ✅ | Apply `is_sensitive()` check |
| Command Injection | Windows CGI `QUERY_STRING` injection (CVSS 9.8) | CRITICAL | ✅ | Apply `SX_SANITIZE_CMD` |
| Command Injection | URL injection into `system()` | CRITICAL | ✅ | Use `execvp()` / sanitize input |
| Privilege Access | `--privileged` full root container | CRITICAL | ❌ | Linux-only, N/A for Windows |
| Network Endpoints | HTTP token endpoints (plaintext) | HIGH | ✅ | Migrate to HTTPS |
| TLS Security | Traffic proxy disables cert validation | HIGH | ✅ | Add configurable verification |
| TLS Security | FRP client disables mbedTLS verification | HIGH | ✅ | Enable `MBEDTLS_SSL_VERIFY_REQUIRED` |
| TLS Security | OAuth over unverified TLS | HIGH | ✅ | Enable verification |
| TLS Security | mbedTLS 3.6.3 known vulnerabilities | HIGH | ✅ | Update to 3.6.6 |
| File I/O | Predictable temp files (symlink attacks) | HIGH | ✅ | Use `mkstemp()`/`mkdtemp()` |
| File I/O | World-readable log files | HIGH | ✅ | Set permissions to 0600 |
| File I/O | World-readable session files | HIGH | ✅ | Set permissions to 0600 |
| Memory Safety | Missing NULL checks after calloc | HIGH | ✅ | Add NULL checks in `sx.c` |
| Memory Safety | Realloc overwrite pattern | HIGH | ✅ | Use temporary variable |
| Command Injection | WSL env variable injection | HIGH | ✅ | Sanitize env values |
| Command Injection | SDK repo path injection | HIGH | ✅ | Validate input |
| Install/Distribution | Self-update by file size only | HIGH | ✅ | Implement hash verification |
| Install/Distribution | Bridge auto-download no verification | HIGH | ✅ | Add checksum verification |
| Install/Distribution | No reproducible builds | HIGH | ✅ | Implement build provenance |
| Install/Distribution | SMB share distribution server | HIGH | ✅ | Use proper CDN with signed artifacts |
| Privilege Access | Server binds to 0.0.0.0 | HIGH | ✅ | Default to 127.0.0.1 |
| Privilege Access | DNS on privileged port 53 | HIGH | ✅ | Document privilege requirements |
| Supply Chain | mbedTLS outdated (11 advisories) | MEDIUM | ✅ | Update to 3.6.6 |
| Supply Chain | Pre-built binaries in repo | MEDIUM | ✅ | Build from source in CI |
| Build | Missing RELRO/noexecstack | MEDIUM | ✅ | Add linker flags for dynamic builds |
| Build | Bridge missing hardening flags | MEDIUM | ✅ | Add `-fstack-protector-strong` |
| Buffer Safety | Unclamped snprintf return → OOB read | MEDIUM | ✅ | Clamp to buffer size |
| Memory Safety | 82 error-path memory leaks | MEDIUM | ✅ | Add cleanup on error paths |
| Credential | Placeholder API key `"xxx"` | MEDIUM | ✅ | Replace with empty string |
| Telemetry | Documentation bug (help text vs default) | LOW | ✅ | Fix help text |

---

## 18. Conclusion & Recommendations

### Overall Assessment

ScorpioX Code is a well-engineered C application with **exceptional buffer safety discipline** and a **privacy-respecting telemetry model**. The codebase demonstrates strong secure coding practices in its core string handling, with zero uses of unsafe functions across 151K lines of project code. The Windows deployment posture is clean, with no system-level modifications, no privilege escalation, and safe process spawning patterns.

However, the software has **systemic TLS/SSL verification weaknesses** that undermine transport security across multiple modules, a **complete absence of cryptographic integrity verification** in its binary distribution pipeline, and **critical command injection vectors** in network-reachable code paths.

### Priority Remediation Roadmap

#### Immediate (Critical — Before Deployment)
1. **Fix CGI command injection** in `scorpiox-server.c` — apply `SX_SANITIZE_CMD` to `QUERY_STRING` and `PATH_INFO`
2. **Enable SSL certificate verification** in all token fetchers and email module
3. **Migrate token endpoints** from HTTP to HTTPS
4. **Implement binary checksum verification** (SHA-256) for all download paths
5. **Remove hardcoded NAS/SMB credentials** from source code

#### Short-Term (High — Within 30 Days)
6. Update vendored mbedTLS from 3.6.3 to 3.6.6
7. Set log and session file permissions to 0600
8. Replace predictable temp file patterns with `mkstemp()`/`mkdtemp()`
9. Add NULL checks after all allocation calls in `sx.c`
10. Implement code signing (Authenticode for Windows .exe)

#### Medium-Term (Medium — Within 90 Days)
11. Implement reproducible build pipeline with provenance attestation
12. Address 82 error-path memory leak locations
13. Clamp `snprintf` return values before passing to `send_all()`
14. Replace `system()` calls with `execvp()`/`CreateProcessW` where feasible
15. Default server bindings to `127.0.0.1` instead of `0.0.0.0`

### Risk Acceptance Note
For **Windows workstation deployment**, the software's risk profile is manageable. The Linux-only findings (rootless container runtime, unshare privileged mode) do not apply. The Windows-specific risk is dominated by the CGI command injection in `scorpiox-server.c` (CVSS 9.8) — this should be the top-priority fix. All other Windows findings are HIGH or lower.

---

## 19. Appendix: Audit Methodology

### Agents Deployed

| # | Agent | Scope | Method |
|---|-------|-------|--------|
| 01 | supply-chain | Package dependencies, vendored libraries, lock files | Dependency tree analysis, version comparison, CVE lookup |
| 02 | build-provenance | CMake configuration, compiler flags, build scripts | Build system parsing, flag analysis |
| 03 | network-endpoints | URLs, IPs, ports, DNS in source code | Static string extraction, protocol analysis |
| 04 | tls-security | Certificate verification, TLS configuration, cipher suites | libcurl/mbedTLS configuration analysis |
| 05 | credential-hardcode | API keys, passwords, tokens, secrets in source | Pattern matching, entropy analysis |
| 06 | file-io | File operations, permissions, temp files, logging | System call tracing, permission analysis |
| 07 | buffer-safety | sprintf/strcpy/strcat usage, stack buffers, bounds checking | Unsafe function enumeration, bounds analysis |
| 08 | memory-safety | malloc/calloc/realloc NULL checks, use-after-free, double-free, leaks | Allocation tracking, error-path analysis |
| 09 | command-injection | system()/popen()/exec*() with unsanitized input | Taint analysis, sink identification |
| 10 | privilege-access | setuid/setgid/chroot/capabilities, root requirements | Privilege call enumeration, access control review |
| 11 | windows-deployment | Windows-specific binaries, APIs, deployment patterns | Platform-conditional code analysis |
| 12 | telemetry-tracking | Data collection, tracking, phone-home behavior | Configuration default analysis, network call audit |
| 13 | install-script | Distribution mechanism, update pipeline, integrity verification | Install flow analysis, cryptographic verification audit |

### Scope
- **In scope:** All project source code (151,487 lines across ~223 C/H files)
- **Partial scope:** Vendored libraries (mbedTLS, yyjson) — version and configuration analysis only
- **Out of scope:** Third-party system libraries (libcurl, OpenSSL, zlib), runtime behavior testing, penetration testing

### Severity Definitions

| Level | Definition |
|-------|-----------|
| **Critical** | Exploitable vulnerability with direct security impact (RCE, credential theft, MITM on auth) |
| **High** | Significant security weakness requiring attacker positioning or configuration (privilege escalation, data exposure) |
| **Medium** | Defensive gap that increases attack surface or reduces security margin |
| **Low** | Minor issue with limited practical impact |
| **Info** | Observation or positive finding for completeness |
