📄 security-audit-report.md
⬇ Download Raw

Third-Party Software Security Review — ScorpioX Code

Product: ScorpioX Code Website: https://code.scorpiox.net Publisher: ScorpioX Inc Category: AI-Powered Development Tool / CLI Platform Language: Pure C (zero external dependencies) Audit Date: 2026-04-28 Codebase Commit: f7f14b49ca77bfb07d31a819de0791445d3c02a5 Branch: main Classification: CONFIDENTIAL — For Corporate Review Only

1. Executive Summary

This report presents the findings of a comprehensive security assessment of ScorpioX Code, an AI-powered development tool and CLI platform published by ScorpioX Inc. The product is built entirely in pure C (~370,000 lines of code) with zero package manager dependencies. All third-party libraries (mbedTLS for cryptography, yyjson for JSON parsing) are vendored as source code and compiled directly into the binary.

Key Security Strengths

Key Findings Requiring Attention

SeverityCountSummary
Critical5Hardcoded API keys in WASM config, SSL verification disabled on token fetchers, OAuth over plain HTTP, command injection in server CGI, SSH passwords in process listing
High12Command injection surfaces (web search, container, WSL, WhatsApp), raw TCP token transport, auto-update without code signing, plaintext credentials in config, unsalted password hashing
Medium14Stack buffer sizes, TOCTOU races, FRP weak crypto (MD5/64-iteration PBKDF2), missing error checks, predictable temp files, config masking gaps
Low6Missing compiler warnings, dead code, unused variables, signal handling
Info3Large stack buffers, Node.js bridge package.json (isolated), signal safety

Overall Risk Rating: MEDIUM

The core architecture demonstrates exemplary supply chain security — the zero-dependency, single-binary, pure-C approach with full commit provenance is best-in-class. However, the application has a broad attack surface due to its multi-tool nature (HTTP server, email server, DNS server, container runtime, VM hypervisor) and contains several areas where input validation and transport security should be hardened. The critical findings are primarily in peripheral components (WASM config, token fetchers, CGI server) rather than the core AI assistant workflow.

For corporate deployment as an AI coding assistant: The primary user-facing workflow (TUI → AI provider API) uses HTTPS with proper TLS via libcurl and represents low risk. The critical findings affect infrastructure/deployment components that may not be relevant to all deployment scenarios.

2. Application Overview

ScorpioX Code (https://code.scorpiox.net) is an AI-powered coding assistant, agent orchestrator, and container runtime platform. It provides:

Technical Architecture

AttributeDetail
LanguageC11 (pure C, no C++)
Lines of Code369,495 total (143,599 first-party + 225,896 vendored)
Build SystemCMake 3.16+
CompilerSystem gcc/clang
LinkingStatic by default (Linux)
Third-Party LibrariesmbedTLS (Apache-2.0/GPL-2.0+), yyjson (MIT) — both vendored as source
Package DependenciesNone — zero npm/pip/cargo/go/vcpkg/conan dependencies
PlatformsLinux, macOS, Windows, WASM
Output~50+ individual executables, all statically linked

3. Architecture & Supply Chain

Source: 01-architecture.md

3.1 Dependency Model

ScorpioX Code follows a vendored dependency model — the gold standard for supply chain security:

DependencyTypeLocationLOCLicense
mbedTLSVendored sourcescorpiox/vendor/mbedtls/~225,000Apache-2.0 / GPL-2.0+
yyjsonVendored sourcescorpiox/vendor/yyjson/~743KB (2 files)MIT
libcurlSystem libraryfind_package(CURL)N/AMIT
pthreadsSystem libraryfind_package(Threads)N/ASystem
No package manager files affect the C build. A bridge/package.json exists for a standalone WhatsApp bridge (TypeScript/Bun) which is entirely separate from the C compilation pipeline.

3.2 Build Process Security

3.3 Code Provenance

Author DomainCommitsPercentage
scorpiox.net99099.4%
scorpioplayer.com50.5%
sx@sx (local alias)10.1%

All 996 commits originate from ScorpioX organization email addresses. No external contributors, no public email providers (Gmail, Outlook, etc.).

3.4 Findings

FindingSeverityStatusRecommendation
Pre-built ELF binaries in bridge/ directory (2 files)MediumAcknowledgedBuild from source in CI; remove pre-built binaries from repo
Missing compiler hardening flags (-fstack-protector-strong, -D_FORTIFY_SOURCE=2)MediumOpenAdd to CMAKE_C_FLAGS
curl \bash in WhatsApp release scriptMediumAcknowledgedReplace with pinned, hash-verified download
bridge/package.json with Node.js depsInfoAcknowledgedIsolated from C build; no action needed

4. Network Security

Source: 02-network.md

4.1 Network Activity Overview

ScorpioX Code is a network-active application with ~90+ source files containing network code. Network activity is categorized as:

CategoryProtocolUser-InitiatedPurpose
AI Provider APIsHTTPS (443)Core chat functionality (Anthropic, OpenAI, Gemini)
OAuth Token RefreshHTTPS (443)AutomaticToken lifecycle management
Token Fetch ServicesHTTP/TCPAutomaticAPI key retrieval from ScorpioX infrastructure
Session TelemetryHTTPS (443)Opt-inUsage tracking (when EMIT_SESSION_TRACKING=1)
Distribution/UpdatesHTTPS (443)User actionBinary downloads, container images
Listening ServicesTCP (various)User actionHTTP server, DNS, SMTP, IMAP, WebSocket bridge

4.2 TLS Implementation

4.3 Critical Network Findings

FindingSeverityDetail
Hardcoded API keys in WASM embedded configCriticalANTHROPIC_ANTIGRAVITY_KEY and ANTHROPIC_ZAI_KEY compiled into WASM binary; extractable
SSL verification disabled on 6+ token fetchersCriticalCURLOPT_SSL_VERIFYPEER=0 and CURLOPT_SSL_VERIFYHOST=0 on OAuth/token fetch paths; MITM risk
OAuth tokens transported over plain HTTPCriticaltoken.scorpiox.net endpoints use http:// not https://; tokens interceptable
Raw TCP token transport (no encryption)Highsx_tcp_fetch.c sends SXV1 AUTH=key in plaintext over TCP
FRP tunnel TLS uses VERIFY_NONEHighTunnel endpoint identity not verified
Auto-update without code signingHighscorpiox-wsl.c downloads and replaces binary without signature verification
Session telemetry posts full conversationsHighWhen enabled, complete prompts/responses sent to code.scorpiox.net
Hardcoded LAN IPs in configHigh192.168.1.x addresses expose internal network topology

4.4 Network Mitigations


5. Data Handling & Privacy

Source: 03-data-handling.md

5.1 Data Flow Architecture

User Input → sx TUI → libsxnet (API provider) → HTTPS → Remote AI API

.scorpiox/sessions/<id>/ (conversations, traffic, logs)

.scorpiox/conversations/ (persistent conversation JSON)

.scorpiox/traces/ (debug trace JSONL)

5.2 Data Sensitivity by Component

ComponentSensitivityData Handled
sx (main TUI)HIGHAPI keys, user conversations, system prompts
scorpiox-serverHIGHJWT secrets, POST bodies, auth headers
scorpiox-server-emailCRITICALEmail content, user passwords, TLS keys, DKIM keys
scorpiox-sshpassCRITICALPlaintext passwords via CLI -p flag
scorpiox-otpHIGHTOTP secrets via CLI -s flag
libsxutilHIGHConfig cascade, logging, session management

5.3 Configuration & Secrets Management

Configuration uses a cascade model: built-in defaults → exe_dir/scorpiox-env.txt → .scorpiox/scorpiox-env.txt → ~/.config/scorpiox/scorpiox-env.txt. API keys and secrets are stored as plaintext in these config files.

Positive findings: Negative findings:

5.4 Encryption Assessment

MechanismImplementationStrength
HTTPS (AI APIs)libcurl + system CA✅ Strong
SMTP TLSmbedTLS⚠️ Cert verification sometimes disabled
FRP tunnelAES-128-CFB + PBKDF2⚠️ Only 64 PBKDF2 iterations; MD5 login hash
Email passwordsSHA-256 (unsalted)❌ Weak — rainbow table vulnerable
Data at restNone❌ Not implemented

5.5 Data Retention

5.6 Critical Data Handling Findings

FindingSeverityImpact
SSH passwords visible in process listing (ps)CriticalAny user on the system can read SSH passwords
Email password hashing uses unsalted SHA-256CriticalRainbow table attacks on stolen accounts file
No encryption at rest for persistent dataCriticalFull data exposure if filesystem is compromised
All credentials in plaintext config filesHighCredential theft via file read access
Session traffic contains full API payloadsHighAPI keys in headers, full conversation content
Trace files contain unredacted API dataHighDebug traces expose sensitive request/response data
FRP PBKDF2 uses only 64 iterationsHighBrute-force key derivation feasible
Predictable temp file names (no mkstemp)HighSymlink/TOCTOU attacks on /tmp/sx_post_*

6. Code Security Vulnerabilities

Source: 04-vulnerabilities.md

6.1 Vulnerability Overview

The codebase demonstrates generally sound C programming practices:

6.2 Critical & High Vulnerabilities

IDSeverityCVSSLocationDescription
V-01Critical9.8scorpiox-server.c:1568-1652CGI env vars embedded in Windows cmd /C via system() — sanitization strips only 6 characters
V-02High8.6scorpiox-websearch.c:222URL passed to popen() via scorpiox-fetch "%s" — shell metacharacter injection possible
V-03High8.1scorpiox-unshare.c:1245which %s via system() with package name from config — no input validation
V-04High7.5scorpiox-wsl.c:676-878system() with 16KB command buffer from user inputs, wsl.exe -d %s
V-05High7.5scorpiox-whatsapp.c:620-983Multiple system() calls with tmux commands from message data
V-06High7.4bridge/ws2tcp.c:504Path traversal check (strstr(url_path, "..")) bypassable via %2e%2e encoding

6.3 Medium Vulnerabilities

IDSeverityCVSSLocationDescription
V-07Medium6.5sxmail_dkim.c:41432KB stack buffer — bounds checked but excessive
V-08Medium6.5scorpiox-wsl.c:676,72116KB + 12KB stack buffers risk stack overflow
V-09Medium6.2sxmux_session.c:1841Type confusion — comparison always false
V-10Medium5.9scorpiox-vi.cUnchecked realloc — original pointer lost on failure
V-11Medium5.5118+ sitesPervasive snprintf(cmd) + system(cmd) pattern
V-12Medium5.3scorpiox-server.c:897-914TOCTOU: access()realpath()fopen() race window

6.4 Positive Security Patterns

The codebase employs several commendable security practices:


7. Permissions & System Access

Source: 05-permissions.md

7.1 Permission Model Overview

The ScorpioX platform encompasses components with vastly different privilege requirements:

Risk LevelComponentPrivilege RequiredReason
🔴 Criticalscorpiox-trafficUserDisables TLS verification globally for child processes
🔴 Criticalscorpiox-sshpassUserDisables all SSH host key checking by design
🟠 Highscorpiox-unshareRoot (privileged mode)Container runtime with --privileged bypass
🟠 Highscorpiox-vmkvm groupDirect /dev/kvm access, mmap of guest memory
🟠 Highscorpiox-serverUserFork-per-request executing arbitrary Python scripts
🟠 Highscorpiox-thunderbolt4RootRaw BPF Ethernet frame access
🟡 Mediumsx (main TUI)UserExtensive system()/popen() for subcommand dispatch
🟢 Lowscorpiox-podmanUserThin wrapper delegating to Podman

7.2 Process Spawning

MechanismCountRisk
system()107🟠 High — shell injection surface
exec*() family66🟡 Medium — direct exec
popen()61🟠 High — shell-mediated pipe
fork()47🟡 Medium — process isolation
CreateProcessA() (Windows)40🟡 Medium
clone() (Linux namespaces)1🟠 High — namespace creation

7.3 Sandboxing & Isolation

Container Runtime (scorpiox-unshare): No setuid binaries: The codebase does not install any setuid/setgid binaries. It relies on system-provided setuid helpers (newuidmap/newgidmap) for container UID mapping.

7.4 Filesystem Access Patterns


8. Consolidated Risk Matrix

#AreaFindingSeverityStatusRecommendation
1NetworkHardcoded API keys in WASM embedded configCriticalOpenRemove keys from source; use runtime config or environment variables for WASM builds
2NetworkSSL verification disabled on 6+ token fetchersCriticalOpenEnable CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST on all HTTPS connections
3NetworkOAuth tokens transported over plain HTTP (token.scorpiox.net)CriticalOpenMigrate all token endpoints to HTTPS
4VulnerabilitiesCGI command injection in server (Windows cmd /C)CriticalOpenReplace system() with execve()-based approach; implement allowlist-based input sanitization
5DataSSH passwords visible in process listing (/proc/pid/cmdline)CriticalOpenUse stdin or file descriptor passing instead of CLI -p flag
6DataEmail password hashing uses unsalted SHA-256CriticalOpenMigrate to bcrypt/scrypt/Argon2 with per-user salts
7DataNo encryption at rest for persistent dataCriticalAcknowledgedImplement optional at-rest encryption for session data and credentials
8VulnerabilitiesWeb search URL injection via popen()HighOpenSanitize URLs; use exec() instead of popen() with shell
9VulnerabilitiesContainer runtime which %s injectionHighOpenValidate package names against allowlist
10VulnerabilitiesWSL command injection (16KB buffer)HighOpenUse CreateProcessW() with argument array instead of system()
11VulnerabilitiesWhatsApp bridge command injection via message dataHighOpenSanitize message content before shell interpolation
12VulnerabilitiesPath traversal bypass in ws2tcp (%2e%2e)HighOpenURL-decode before path traversal check; use realpath() validation
13NetworkRaw TCP token transport (plaintext API keys)HighOpenWrap TCP connections in TLS
14NetworkFRP tunnel TLS uses VERIFY_NONEHighOpenImplement proper certificate verification or certificate pinning
15NetworkAuto-update without code signingHighOpenAdd Ed25519/GPG signature verification for downloaded binaries
16NetworkSession telemetry posts full conversationsHighAcknowledgedDocument clearly; ensure opt-in only; consider anonymization
17DataAll credentials stored as plaintext in config filesHighAcknowledgedConsider OS keychain integration or encrypted config
18DataSession traffic contains full API payloads with keysHighAcknowledgedRedact Authorization headers in traffic captures
19DataFRP PBKDF2 uses only 64 iterations / MD5 login hashHighOpenIncrease to 600,000+ iterations; replace MD5 with SHA-256+
20DataPredictable temp file names (no mkstemp)HighOpenUse mkstemp() for all temporary file creation
21Permissionsscorpiox-traffic disables TLS verification globallyHighAcknowledgedAdd warning banner; restrict to development environments
22Permissionsscorpiox-sshpass disables SSH host key checkingHighAcknowledgedMake host key checking configurable rather than force-disabled
23ArchitecturePre-built ELF binaries in bridge/MediumAcknowledgedBuild from source in CI
24ArchitectureMissing compiler hardening flagsMediumOpenAdd -fstack-protector-strong -D_FORTIFY_SOURCE=2
25Architecturecurl \bash in WhatsApp release scriptMediumAcknowledgedUse hash-verified download
26VulnerabilitiesLarge stack buffers (32KB in DKIM, 16KB in WSL)MediumAcknowledgedMove to heap allocation for buffers >4KB
27VulnerabilitiesTOCTOU in server file servingMediumOpenUse openat() / fstatat() for atomic check-and-open
28VulnerabilitiesUnchecked realloc (pointer loss on failure)MediumOpenSave original pointer before realloc; handle NULL return
29VulnerabilitiesType confusion in sxmux_session (always-false compare)MediumOpenFix data type or comparison logic
30VulnerabilitiesPervasive snprintf + system() pattern (118+ sites)MediumAcknowledgedGradually migrate to exec() family; create safe command builder API
31DataConfig masking misses _PASS, _SECRET patternsMediumOpenExtend masking to all sensitive config key patterns
32DataFetchtoken API key comparison not constant-timeMediumOpenUse CRYPTO_memcmp() or equivalent
33NetworkHardcoded LAN IPs in embedded configMediumAcknowledgedMove to runtime configuration
34NetworkDNS server on port 53 (spoofing risk)MediumAcknowledgedDocument security implications; bind to localhost by default
35PermissionsContainer --privileged mode bypasses namespacesMediumAcknowledgedRequire explicit flag; add warning
36PermissionsNo seccomp/AppArmor for containersMediumOpenAdd seccomp BPF filter for container workloads
37VulnerabilitiesMissing fscanf return value checkLowOpenCheck return value of fscanf
38VulnerabilitiesMissing #include headers (33 compiler warnings)LowOpenAdd missing standard library includes
39VulnerabilitiesDead code / unused variablesLowOpenRemove or complete implementation
40Vulnerabilitiessignal() instead of sigaction()InfoAcknowledgedMigrate to sigaction() for portable behavior

9. Conclusion & Recommendations

9.1 Overall Assessment

ScorpioX Code demonstrates a security-conscious architecture that is rare among modern development tools. The pure C implementation with zero package manager dependencies, vendored source-only libraries, static linking, and single-organization commit provenance eliminates entire categories of supply chain attacks that plague tools built on npm, pip, or other package ecosystems.

The codebase shows disciplined C programming with consistent use of snprintf and absence of classic buffer overflow patterns. The vendored dependency approach (mbedTLS + yyjson as source) provides full auditability and eliminates dependency confusion attacks.

However, the application's broad scope — encompassing an AI assistant, HTTP server, email server, DNS server, container runtime, and VM hypervisor — creates a wide attack surface. The most significant findings relate to:

  • Transport security gaps: Token fetchers and internal services that disable TLS verification or use plaintext protocols
  • Command injection surfaces: The pervasive system()/popen() pattern with shell interpolation
  • Secrets management: Plaintext credential storage and process-visible passwords
  • 9.2 Priority Recommendations

    Immediate (Critical — fix before production deployment):
  • Remove hardcoded API keys from WASM embedded configuration
  • Enable TLS certificate verification on all token fetch and OAuth paths
  • Migrate token.scorpiox.net endpoints to HTTPS
  • Replace system() with execve() in network-reachable code paths (CGI server)
  • Stop passing passwords/secrets via command-line arguments (use stdin/FD)
  • Short-term (High — address within 30 days):
  • Implement code signing for auto-update downloads
  • Migrate email password storage to bcrypt/Argon2 with salts
  • Add compiler hardening flags (-fstack-protector-strong, -D_FORTIFY_SOURCE=2)
  • Increase FRP PBKDF2 iterations to ≥600,000; replace MD5 login
  • Use mkstemp() for all temporary file creation
  • Medium-term (Medium — address within 90 days):
  • Create a safe command builder API to gradually replace snprintf + system() patterns
  • Add seccomp BPF filtering for container workloads
  • Implement optional at-rest encryption for session data
  • Extend config masking to cover all sensitive key patterns
  • Add constant-time comparison for token/key validation
  • 9.3 Suitability for Corporate Use

    As an AI coding assistant (primary use case): ScorpioX Code's core workflow — user types a prompt, the TUI sends it to an AI API over HTTPS, and displays the response — is low risk. The HTTPS transport, proper TLS verification on AI provider connections, and absence of telemetry by default make it suitable for corporate environments where:

    10. Appendix: Audit Methodology

    10.1 Scope

    This audit covered the complete ScorpioX Code codebase at commit f7f14b49ca77bfb07d31a819de0791445d3c02a5 on the main branch. The audit encompassed 369,495 lines of code across 493 C/H source files.

    10.2 Audit Agents

    Five specialized security audit agents conducted independent analyses:

    AgentReportFocus Area
    Architecture Auditor01-architecture.mdBuild system, dependencies, supply chain, code provenance
    Network Auditor02-network.mdEndpoints, protocols, TLS, telemetry, DNS
    Data Handling Auditor03-data-handling.mdFile I/O, secrets, encryption, privacy, data retention
    Vulnerability Auditor04-vulnerabilities.mdBuffer overflows, injection, memory safety, code patterns
    Permissions Auditor05-permissions.mdPrivilege model, process spawning, sandboxing, filesystem access

    10.3 Methodology

    Each agent performed:

    10.4 Limitations

    10.5 Classification

    This report is classified as CONFIDENTIAL — For Corporate Review Only. Distribution should be limited to security teams, IT governance, and authorized decision-makers evaluating ScorpioX Code for corporate deployment.


    Report compiled on 2026-04-28 by Security Audit Agent ScorpioX Code — https://code.scorpiox.net