📄 security-audit-report.md
⬇ Download Raw

ScorpioX Security Assessment Report

Comprehensive Security Audit — Unified Report
ProjectScorpioX (clang codebase)
Commitb56a30721d22391836e8145ca16fe0e24250a148
Branchmain
Audit Date2026-04-28
Lines of Code369,411 (C/H files)
AuditorsArchitecture Agent, Network Agent, Data Handling Agent, Vulnerability Agent, Permissions Agent
ClassificationCONFIDENTIAL — Internal Use Only

1. Executive Summary

This report presents the consolidated findings of a comprehensive security assessment of the ScorpioX C codebase — a TUI-based AI coding assistant platform comprising approximately 369,000 lines of C code, 150 source files, and ~65 statically-linked executables.

Key Security Strengths

Critical Findings Requiring Immediate Attention

#FindingImpact
1Hardcoded API keys and SSH credentials in WASM embedded config (sx_config_embedded.c)Credential compromise in compiled binaries
2Remote Code Execution via command injection in HTTP server OTP endpoint (scorpiox-server.c)Unauthenticated RCE on server deployments
3OAuth tokens transmitted over plaintext TCP to 20.53.240.54:9800Token interception on network
4TLS certificate verification disabled on all mbedTLS connectionsMan-in-the-middle exposure

Overall Risk Rating: MEDIUM-HIGH

The core application architecture is fundamentally sound with excellent supply chain hygiene. However, critical findings around hardcoded credentials, a command injection vulnerability, and disabled TLS verification elevate the overall risk. These are addressable issues that, once remediated, would bring the codebase to a LOW risk posture.

Findings by Severity

SeverityCount
Critical5
High15
Medium22
Low9
Info2
Total53

2. Application Overview

ScorpioX is a systems-level AI coding assistant platform written entirely in C. It provides:

The project compiles to approximately 65 statically-linked executables from a single CMake build. The architecture uses three shared static libraries (libsxutil, libsxnet, libsxui) for code reuse across tools.

Technology Stack

LayerTechnology
LanguageC (C11)
Build SystemCMake 3.16+
TLS/CryptombedTLS (vendored, custom minimal config)
JSONyyjson (vendored)
HTTP Clientlibcurl (system)
LinkingFully static on Linux
Target PlatformsLinux (primary), macOS, Windows, WASM

3. Architecture & Supply Chain Assessment

Source: 01-architecture.md

3.1 Dependency Model

The ScorpioX core build achieves zero external package manager dependencies — a significant security advantage. All third-party C code is committed directly into the repository:

Vendored LibraryLocationLicenseLines
mbedTLSscorpiox/vendor/mbedtls/Apache-2.0 / GPL-2.0+206,340
yyjsonscorpiox/vendor/yyjson/MIT19,556

The mbedTLS vendored copy uses a custom minimal configuration (sx_mbedtls_config.h) enabling only AES-128-CFB, TLS 1.2, PBKDF2-SHA1, and X.509 — substantially reducing the cryptographic attack surface.

System libraries (libcurl, OpenSSL, zlib) are found at build time via find_static_library() and pkg-config, not downloaded.

3.2 Build Security

3.3 Code Provenance

All 987 commits originate from 6 author identities, all mapping to two related domains (scorpiox.net, scorpioplayer.com). No external contributors detected.

3.4 Supply Chain Findings

FindingSeverityStatus
Core C build: zero package manager dependenciesInfo✅ Strength
Vendored mbedTLS & yyjson: auditable, pinnedInfo✅ Strength
bridge/package.json: 2 npm dependencies (WhatsApp bridge only)Medium⚠️ Acknowledged
2 pre-built ELF binaries in bridge/ without hash verificationMedium⚠️ Open
Vendored library versions not documented for CVE trackingLow⚠️ Open

4. Network Security Assessment

Source: 02-network.md

4.1 Network Activity Overview

The application is network-intensive with 13 categories of network activity spanning AI provider APIs, OAuth token acquisition, telemetry, software distribution, reverse proxy, SMTP, DNS, web search, and WebSocket bridging.

All AI provider communications use HTTPS (TLS 1.2+) to well-known API endpoints (Anthropic, OpenAI, Google, Z.AI).

4.2 Endpoint Inventory

The audit identified 30+ hardcoded endpoints across the codebase. Key categories:

CategoryCountProtocolRisk
AI Provider APIs8HTTPSLow
OAuth/Token endpoints4Mixed (HTTP/TCP/SSH)Critical-High
Telemetry endpoints2HTTPSMedium
Distribution/Update5HTTPSMedium
Internal infrastructure6MixedHigh
Services (DNS, SMTP, HTTP)5VariousMedium

4.3 Critical Network Findings

OAuth Token over Plaintext TCP: scorpiox-claudecode-fetchtoken.c transmits OAuth tokens over unencrypted TCP to 20.53.240.54:9800. No integrity or confidentiality protection exists. Token Endpoints over HTTP: token.scorpiox.net/claude, /codex, /gemini use plaintext HTTP for authentication token retrieval. TLS Certificate Verification Disabled: All mbedTLS connections (FRP, SMTP relay, SMTP server) use MBEDTLS_SSL_VERIFY_NONE, enabling man-in-the-middle attacks. FRP Authentication Uses MD5: The reverse proxy client authenticates using MD5, a cryptographically broken hash. Additionally, PBKDF2 key derivation uses only 64 iterations (recommended minimum: 600,000).

4.4 Telemetry

Two telemetry channels operate automatically:

  • Usage Tracking (code.scorpiox.net/usage-send) — sends session_id, hostname, username, OS, architecture, provider, model, token counts
  • Session Emit (code.scorpiox.net/sessions-send) — when EMIT_SESSION_TRACKING=1, sends full conversation content
  • Both use HTTPS and fire-and-forget POST requests. Usage telemetry includes machine fingerprint data (hostname, username, OS).

    4.5 No Covert Exfiltration

    The audit confirmed no patterns of covert data exfiltration. All network transmissions serve documented purposes and are either user-initiated or controlled by explicit configuration flags.


    5. Data Handling & Privacy Assessment

    Source: 03-data-handling.md

    5.1 Data Flow Architecture

    User Input → TUI (sx.c)
    

    ├→ Configuration (sx_config.c) ← scorpiox-env.txt (3 cascade levels)

    ├→ Provider (sx_provider_*.c) → HTTP/TLS → External API

    │ ├→ Traffic Logs (.scorpiox/sessions/<id>/traffic/)

    │ └→ API Keys from config / env vars / embedded config

    ├→ Session Manager (sx_session.c)

    │ ├→ conversation.json, session.log, events.jsonl, trace.jsonl

    │ ├→ config-snapshot.txt (frozen config)

    │ └→ meta.json (metadata)

    ├→ Conversation Store (.scorpiox/conversations/*.json)

    ├→ Email Server (sxmail_*.c) → Maildir format

    ├→ Multiplexer (sxmux_*.c) → Unix domain sockets

    ├→ Usage Tracking → POST to code.scorpiox.net/usage-send

    └→ Session Emit → POST to code.scorpiox.net/sessions-send

    5.2 Credential Management

    The codebase uses a three-level configuration cascade for API keys and credentials:

  • Executable directory scorpiox-env.txt (global)
  • User home ~/.claude/scorpiox-env.txt (user-level override)
  • Working directory .scorpiox/scorpiox-env.txt (project-level override)
  • All configuration files store secrets in plaintext key-value format. No encryption-at-rest is applied.

    59 unique environment variables are read via getenv(), including critical authentication variables (ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, AGENTS_PAT).

    5.3 Encryption

    5.4 Data Retention

    5.5 Privacy Findings

    FindingSeverityDetails
    Hardcoded API keys & SSH passwords in embedded configCriticalCompiled into WASM binary; includes Anthropic, Z.AI, Gemini keys and SSH password "xboxone"
    Plaintext API keys in config filesHighConfig files at 0755 directory permissions
    Unsalted SHA256 password hashingHighEmail auth vulnerable to rainbow table attacks
    Config snapshot may contain API keysHighSession snapshots dump config without redaction
    Predictable temp file namesMedium/tmp/sx_voice.wav, /tmp/sx_emit_* — symlink attack vector
    No encryption at rest for sensitive dataMediumConversations, sessions, email stored in plaintext
    Usage telemetry includes machine fingerprintMediumHostname, username, OS sent to server

    6. Code Security & Vulnerability Assessment

    Source: 04-vulnerabilities.md

    6.1 Vulnerability Summary

    The audit identified 23 distinct vulnerability findings across command injection, buffer overflow, memory safety, and race condition categories.

    6.2 Critical & High Vulnerabilities

    CRITICAL: Remote Code Execution — OTP Command Injection

    File: scorpiox-server.c, Lines 2480-2486 CVSS: 9.8

    Unsanitized query parameters from the OTP endpoint are injected directly into a system() shell command, allowing unauthenticated remote code execution.

    HIGH: Command Injection via URL/Path in Container Runtime

    File: scorpiox-unshare.c, Lines 309-312 CVSS: 8.1

    URL/path values wrapped in single quotes and passed to system() via curl/wget. Single-quote injection possible.

    HIGH: Command Injection via Maildir Deletion

    File: sxmail_maildir.c, Lines 704-711 CVSS: 7.5

    User-derived path injected into rm -rf '%s' / rmdir /s /q shell command.

    HIGH: Path Traversal in HTTP Server

    File: scorpiox-server.c, Lines 1192-1222 CVSS: 7.5 url_decode() applied before path validation without post-decode .. check.

    HIGH: Command Injection via EDITOR

    File: sx.c, Lines 655-659 CVSS: 7.2

    `EDITOR environment variable injected into system() without sanitization.

    6.3 Medium Vulnerabilities (12 findings)

    CategoryCountKey Issues
    Memory leaks2Null-check logic errors in sx_term.c, sxmux_vt.c
    Missing NULL checks150+ malloc() calls without NULL validation
    Return type mismatches2return -1 in void functions, int/pointer confusion
    Integer overflow3Unchecked multiplication before malloc() in multiple files
    Unsafe string operations228 strcpy() calls, weak .. check in ws2tcp.c
    Stack overflow risk1Stack buffers ≥64KB (5 locations with char[65536])
    Diagnostic alloc15 malloc() calls without NULL checks in heap diagnostic

    6.4 Low Vulnerabilities (5 findings)

    CategoryCountKey Issues
    Memory leak on error path1Scrollback alloc failure in sxmux_vt.c
    Race condition1Volatile flag access without mutex in sx_dll.c
    Logic error1Always-false comparison in sxmux_session.c
    Signal handling1signal() instead of sigaction()
    TOCTOU1stat() then open() patterns

    6.5 Positive Security Observations


    7. Permissions & System Access Assessment

    Source: 05-permissions.md

    7.1 Privilege Model

    The vast majority of ScorpioX tools (~60+) run as fully unprivileged processes. Only 3-4 tools require or benefit from root access:

    ComponentRoot RequiredReason
    scorpiox-thunderbolt4Yes (enforced)BPF access for raw Ethernet frames
    scorpiox-dnsPractical yesPort 53 binding
    sxmail_smtpPractical yesPort 25 binding
    scorpiox-vmNo (KVM group)/dev/kvm access
    No privilege escalation: Zero
    setuid/setgid/seteuid/setegid calls exist in the entire codebase. The code never escalates its own privileges.

    7.2 Process Spawning

    42 source files spawn child processes. The codebase uses 164 total system()/popen() calls — a systemic risk surface for command injection.

    MechanismUsageRisk
    clone() with namespace flagsContainer creationCore functionality; well-isolated
    fork() + exec*()Standard command executionSafe pattern
    system()Shell command execution (91 calls)⚠️ Injection risk if inputs not sanitized
    popen()Capture command output (73 calls)⚠️ Same injection risk as system()

    7.3 Container Security

    The scorpiox-unshare container runtime implements industry-standard isolation:

    Missing hardening:

    7.4 Environment Modification

    The scorpiox-traffic tool intentionally modifies TLS-related environment variables (HTTP_PROXY, NODE_TLS_REJECT_UNAUTHORIZED=0, etc.) for its MITM capture functionality. These modifications are correctly scoped to the child process only, not applied globally.

    No LD_PRELOAD or LD_LIBRARY_PATH modification exists anywhere — no dynamic library injection vectors.

    7.5 Filesystem Access

    The codebase accesses a broad set of filesystem paths:

    Path CategoryExamplesPurpose
    Application data~/.scorpiox/, ~/.claude/Config, sessions, conversations
    Temporary files/tmp/sxmux/, /tmp/sx_*IPC, temp storage
    System paths/proc/, /sys/, /dev/Container setup, KVM, diagnostics
    Container rootfs/var/lib/scorpiox/Container images and overlays

    8. Consolidated Risk Matrix

    8.1 Critical Findings (5)

    #AreaFindingSeverityStatusRecommendation
    C1Data/NetworkHardcoded API keys (Anthropic, Z.AI, Gemini) and SSH password ("xboxone") in sx_config_embedded.cCRITICALOpenRemove all secrets from source code; use runtime-only configuration; rotate all exposed keys immediately
    C2VulnerabilityOTP endpoint command injection in scorpiox-server.c (CVSS 9.8) — unauthenticated RCECRITICALOpenSanitize query parameters; restrict to [a-zA-Z0-9@._-]; replace system() with execvp()
    C3NetworkOAuth tokens transmitted over plaintext TCP to 20.53.240.54:9800CRITICALOpenRequire TLS for all token transmission
    C4NetworkSSH credentials hardcoded — root password for 192.168.1.6:22223CRITICALOpenRemove from source; use SSH key-based auth
    C5NetworkToken endpoints (token.scorpiox.net) use HTTP not HTTPSCRITICALOpenUpgrade all authentication endpoints to HTTPS

    8.2 High Findings (15)

    #AreaFindingSeverityStatusRecommendation
    H1NetworkTLS certificate verification disabled on all mbedTLS connectionsHIGHOpenReplace MBEDTLS_SSL_VERIFY_NONE with MBEDTLS_SSL_VERIFY_REQUIRED; load CA certs
    H2VulnerabilityCommand injection via URL/path in scorpiox-unshare.c (CVSS 8.1)HIGHOpenUse fork()+exec() instead of system() with quoted strings
    H3VulnerabilityCommand injection in maildir deletion sxmail_maildir.c (CVSS 7.5)HIGHOpenUse nftw() recursive delete or fork()+exec("rm")
    H4VulnerabilityPath traversal in HTTP server scorpiox-server.c (CVSS 7.5)HIGHOpenAdd realpath() canonicalization with webroot prefix check
    H5VulnerabilityCommand injection via EDITOR in sx.c (CVSS 7.2)HIGHOpenSanitize editor path or use execlp() directly
    H6NetworkFRP auth uses MD5 — cryptographically brokenHIGHOpenReplace with SHA-256 or better
    H7NetworkFRP PBKDF2 uses only 64 iterations (min recommended: 600,000)HIGHOpenIncrease to ≥600,000 iterations
    H8NetworkSession telemetry can send full conversation contentHIGHAcknowledgedDocument; ensure opt-in only with user consent
    H9NetworkPrivate network IPs hardcoded in WASM binaryHIGHOpenRemove internal network topology from published binaries
    H10DataPlaintext API keys in config files with 0755 directory permissionsHIGHOpenEncrypt sensitive values or use OS keychain; restrict to 0600
    H11DataUnsalted SHA256 password hashing for email authHIGHOpenReplace with bcrypt/scrypt/Argon2 with per-user salt
    H12DataConfig snapshot may write API keys to session directoryHIGHOpenRedact sensitive config keys before writing snapshot
    H13DataRaw TCP token fetch without TLSHIGHOpenRequire TLS for all credential transmission
    H14PermissionsExcessive system() usage (91 calls) — systemic injection riskHIGHOpenCreate shared sx_safe_exec() utility using fork()+execvp()
    H15PermissionsTLS bypass environment variables in scorpiox-trafficHIGHMitigatedScoped to child process only; by-design for MITM tool

    8.3 Medium Findings (22)

    #AreaFindingSeverityStatusRecommendation
    M1Architecturebridge/package.json — 2 npm dependencies for WhatsApp bridgeMEDIUMAcknowledgedIsolate bridge; consider separate repo
    M2Architecture2 pre-built ELF binaries without hash verificationMEDIUMOpenAdd CI step to verify checksums against source
    M3NetworkUsage telemetry sends machine fingerprintMEDIUMAcknowledgedMinimize PII; add opt-out mechanism
    M4NetworkAuto-update downloads executables without signature verificationMEDIUMOpenAdd binary signature verification
    M5NetworkGit PAT tokens embedded in clone URLsMEDIUMAcknowledgedUse credential helpers instead
    M6NetworkHTTP relay uses custom binary protocol without authenticationMEDIUMOpenAdd authentication to relay protocol
    M7NetworkSMTP AUTH PLAIN sends credentials in base64MEDIUMAcknowledgedStandard SMTP behavior over STARTTLS — acceptable
    M8NetworkRouter URL over plaintext HTTPMEDIUMOpenUpgrade to HTTPS
    M9NetworkCache keepalive generates ongoing API trafficMEDIUMAcknowledgedInform users of background API costs
    M10VulnerabilityMemory leak in sx_term.c null-check logic errorMEDIUMOpenFix null-check ordering
    M11Vulnerability50+ malloc() calls without NULL validationMEDIUMOpenAdd NULL checks after all allocations
    M12Vulnerabilityreturn -1 in void functions (scorpiox-server.c)MEDIUMOpenFix return types; add cleanup on error paths
    M13VulnerabilityType confusion in scorpiox-mcp.cint from char* functionMEDIUMOpenFix return type
    M14VulnerabilityInteger overflow before malloc() in multiple filesMEDIUMOpenAdd overflow guards before multiplication
    M15Vulnerabilitystrcpy() used 28 times — some with computed offsetsMEDIUMOpenReplace with snprintf() or bounded copies
    M16VulnerabilityWeak .. path traversal check in ws2tcp.cMEDIUMOpenUse realpath() canonicalization
    M17VulnerabilityStack buffers ≥64KB (5 locations)MEDIUMOpenReplace with heap allocations
    M18DataPredictable temp file namesMEDIUMOpenUse mkstemp() for all temporary files
    M19DataNo encryption at rest for conversations/sessions/emailMEDIUMAcknowledgedConsider encrypted storage for sensitive data
    M20PermissionsNo seccomp in containersMEDIUMOpenAdd seccomp filter for container child processes
    M21PermissionsNo PR_SET_NO_NEW_PRIVS in containersMEDIUMOpenCall prctl(PR_SET_NO_NEW_PRIVS, 1) before exec
    M22PermissionsUnbounded CGI process spawning in HTTP serverMEDIUMOpenAdd connection limits and child process caps

    8.4 Low Findings (9)

    #AreaFindingSeverityStatusRecommendation
    L1ArchitectureVendored library versions not documented for CVE trackingLOWOpenCreate VENDOR_VERSIONS.md
    L2NetworkDNS server defaults to Google/Cloudflare upstreamLOWAcknowledgedPrivacy consideration; configurable
    L3NetworkWebSocket bridge has no authenticationLOWOpenAdd authentication mechanism
    L4NetworkTraffic logging writes raw HTTP bodies to diskLOWAcknowledgedBy-design for debugging
    L5VulnerabilityMemory leak on scrollback alloc failureLOWOpenFree vt->cells before returning NULL
    L6VulnerabilityRace condition on volatile flag in sx_dll.cLOWOpenAdd mutex protection
    L7VulnerabilityAlways-false comparison in sxmux_session.cLOWOpenFix data type or comparison
    L8Vulnerabilitysignal() instead of sigaction()LOWOpenMigrate to sigaction()
    L9PermissionsPredictable Unix socket paths at /tmp/sxmux/LOWOpenCheck socket ownership; use per-user subdirs

    8.5 Informational (2)

    #AreaFindingSeverityStatusRecommendation
    I1ArchitectureCore C build has zero package manager dependenciesINFO✅ StrengthMaintain this approach
    I2ArchitectureSingle-organization code provenance (987 commits)INFO✅ StrengthContinue contributor governance

    9. Conclusion & Recommendations

    9.1 Overall Assessment

    The ScorpioX codebase demonstrates a mature, security-conscious architecture with notable strengths in supply chain security, dependency management, and memory safety practices. The decision to vendor all third-party code, use static linking, and maintain single-organization provenance places the project well ahead of typical open-source C projects in supply chain security.

    However, the audit identified 5 critical and 15 high-severity findings that require attention. The most impactful are:

  • Hardcoded credentials in source code — This is the single most urgent issue. API keys and SSH passwords compiled into binaries must be rotated immediately.
  • Remote Code Execution — The OTP endpoint command injection in the HTTP server could allow unauthenticated remote attackers to execute arbitrary commands.
  • TLS security gaps — Disabled certificate verification, plaintext token transmission, and weak cryptographic primitives (MD5, 64-iteration PBKDF2) undermine the confidentiality and integrity of network communications.
  • 9.2 Prioritized Remediation Roadmap

    Immediate (Week 1) — Critical

  • Rotate all embedded credentials — API keys, SSH passwords in sx_config_embedded.c are compromised
  • Fix OTP command injection — Sanitize inputs in scorpiox-server.c:2480; replace system() with execvp()
  • Enable TLS for token fetch — Replace raw TCP with HTTPS for OAuth token acquisition
  • Upgrade token endpoints to HTTPStoken.scorpiox.net must use TLS
  • Short Term (Weeks 2-4) — High

  • Enable TLS certificate verification on all mbedTLS connections
  • Fix remaining command injection vulnerabilities (unshare, maildir, EDITOR)
  • Fix path traversal in HTTP server with realpath() validation
  • Replace MD5 in FRP with SHA-256; increase PBKDF2 to ≥600,000 iterations
  • Create sx_safe_exec() utility — centralized safe process execution
  • Upgrade password hashing to bcrypt/Argon2 with per-user salts
  • Redact config snapshots — strip sensitive keys before writing
  • Medium Term (Months 2-3) — Medium

  • Add NULL checks after all allocation calls
  • Fix integer overflow guards before allocation size multiplication
  • Add seccomp + PR_SET_NO_NEW_PRIVS to container runtime
  • Add binary signature verification for auto-updates
  • Replace strcpy() with bounded alternatives
  • Move large stack buffers to heap
  • Use mkstemp() for temporary files
  • Long Term (Quarter 2) — Low/Hardening

  • Migrate from signal() to sigaction()
  • Document vendored library versions for CVE tracking
  • Add -Wformat-security -Werror=return-type to CI build flags
  • Implement TOCTOU-safe patterns with openat()/fstatat()
  • Add data retention policies for conversations, traffic captures, logs
  • 9.3 Risk Forecast

    Once the Critical and High findings are remediated, the overall risk rating is expected to drop from MEDIUM-HIGH to LOW. The fundamental architecture is sound, and the identified issues are implementation-level fixes rather than architectural redesigns.


    10. Appendix: Audit Methodology

    10.1 Scope

    ParameterValue
    CodebaseScorpioX clang repository
    Commitb56a30721d22391836e8145ca16fe0e24250a148
    Branchmain
    Total files analyzed493 (.c/.h), 224 non-vendor
    Lines of code369,411 total; ~143,515 non-vendor
    Exclusionsscorpiox/vendor/mbedtls/, scorpiox/vendor/yyjson/ (audited as vendored dependencies only)

    10.2 Audit Agents

    AgentScopeReport
    Architecture AgentDependencies, build process, supply chain, code provenance, binary analysis01-architecture.md
    Network AgentEndpoints, protocols, TLS, telemetry, data-in-transit, DNS02-network.md
    Data Handling AgentFile I/O, credentials, encryption, PII, data retention, privacy03-data-handling.md
    Vulnerability AgentBuffer overflow, command injection, memory safety, race conditions, format strings04-vulnerabilities.md
    Permissions AgentPrivilege model, process spawning, filesystem access, sandboxing, environment05-permissions.md

    10.3 Techniques

    10.4 Limitations


    Report compiled 2026-04-28 by Security Audit Agent — ScorpioX Security Assessment