📄 security-audit-report.md
⬇ Download Raw

Third-Party Software Security Review — SCORPIOX CODE

FieldValue
SoftwareSCORPIOX CODE
TypeAI-Powered Development Tool / CLI Platform
LanguagePure C (zero external dependencies)
Audit Date2026-04-29
Codebase Commit5af0d64815009873b244561082140d5766f5cfe9
ClassificationCONFIDENTIAL — For Corporate Review Only

1. Executive Summary

This report presents the consolidated findings from a comprehensive security audit of SCORPIOX CODE, an AI-powered development CLI platform written in pure C. The audit was conducted by 13 specialized automated agents, each targeting a distinct security domain, against codebase commit 5af0d64.

Key Metrics

MetricValue
Lines of Code (Total)404,459
Lines of Code (Project)174,441
Lines of Code (Vendor)230,018
Source Files Scanned497 C/H files
Audit Agents Deployed13
Total Findings175
Critical0
High12
Medium39
Low45
Informational79

Overall Risk Rating: LOW-MEDIUM

The software demonstrates a mature security posture for a C codebase of this scale. Notable strengths include:

Key areas requiring attention:

  • Install/distribution security (3 HIGH) — SHA256 verification is soft-fail, no code signing, single point of compromise for binary distribution
  • Buffer safety in server code (2 HIGH) — unclamped snprintf return values in CGI/SSE header accumulation can cause stack buffer overflow
  • Memory safety in network code (2 HIGH) — unbounded allocation sizes from network-derived data in HTTP relay
  • Network endpoint hardcoding (1 HIGH) — hardcoded public IP address for TCP relay host
  • Command injection on Windows (1 HIGH) — network-reachable OTP handler uses shell-interpolated strings
  • File I/O (1 HIGH) — Gemini API key exposed in URL query parameters
  • Windows Deployment Assessment

    For the Windows workstation deployment scope (12 primary binaries), the filtered risk is LOW. Most HIGH findings relate to server-side or Linux-only components. The Windows-specific surface shows:

    SeverityWindows-Scoped Count
    Critical0
    High10
    Medium25
    Low23
    Total58

    2. Deployment Scope

    2.1 Windows Workstation (Primary Deployment Target)

    The following binaries are compiled for and deployed on Windows workstations:

    Core Windows Binaries (12 Primary)

    BinaryPurpose
    sx.exeMain TUI — AI conversation interface
    scorpiox.exeLauncher / entry point
    scorpiox-bash.exeShell wrapper / command executor
    scorpiox-busybox.exeUnix tool manager for Windows (MSYS2/BusyBox)
    scorpiox-screenshot.exeScreen capture utility
    scorpiox-vi.exeBuilt-in text editor
    scorpiox-config.exeConfiguration TUI/CLI editor
    scorpiox-websearch.exeWeb search integration
    scorpiox-fetch.exeURL fetching / web scraping
    scorpiox-renderimage.exeImage rendering utility
    scorpiox-pwsh.exePowerShell integration bridge
    scorpiox-wsl.exeWSL2 execution manager (Windows-only)

    Additional Windows-Compiled Binaries (42)

    The full Windows build produces 52 binaries + 1 DLL (libsx.dll), including AI provider proxies (scorpiox-gemini, scorpiox-openai), token management tools, server components, and utility binaries. See Section 14 for the complete inventory.

    2.2 Linux-Only Binaries (Not Deployed on Windows)

    BinaryPurpose
    scorpiox-unshareRootless container runtime (Linux namespaces)
    scorpiox-vmKVM virtual machine runner
    scorpiox-initContainer init process (PID 1)
    scorpiox-sshpassPTY password feeding (forkpty())
    scorpiox-trafficNetwork MITM traffic monitor
    scorpiox-podmanContainer management via Podman
    scorpiox-docsDocumentation viewer
    scorpiox-executecurlcURL execution wrapper
    scorpiox-runtestTest runner
    scorpiox-cronCrontab wrapper
    scorpiox-whatsappWhatsApp CLI (uses fork/pipe/select)

    2.3 macOS-Only Binaries

    BinaryPurpose
    scorpiox-imessageiMessage integration
    scorpiox-thunderbolt4Thunderbolt 4 device utility

    2.4 Windows-Filtered Findings

    Of the 175 total findings, 58 are relevant to Windows workstation deployment. Many HIGH/MEDIUM findings (particularly in privilege/access control, container security, and Linux-specific file I/O) apply only to Linux server deployments and do not affect Windows workstation users.


    3. Changes Since Last Audit

    The previous audit was conducted on 2026-04-29 against commit 3ad7dfc (folder: output/2026-04-29_3ad7dfc).

    Delta Summary

    SeverityPrevious (3ad7dfc)Current (5af0d64)Change
    Critical20−2
    High1812−6
    Medium10039−61
    Low6045−15
    Info8779−8
    Total286175−111

    Windows-Specific Delta

    SeverityPreviousCurrentChange
    Critical10−1
    High510+5 ⚠️
    Medium4225−17
    Low2823−5
    Total7658−18

    Key Improvements Since Last Audit

  • All critical findings resolved — previous audit had 2 critical issues; current audit has 0
  • Total findings reduced by 39% (286 → 175) — significant remediation effort
  • Codebase grew by 23,186 lines (381,273 → 404,459) — net increase in code with fewer findings indicates improved security practices
  • Medium findings reduced by 61% (100 → 39) — bulk of remediation targeted medium-severity issues
  • Areas of Concern


    4. Supply Chain & Dependencies

    Agent: supply-chain | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 0 Low, 5 Info

    Architecture

    The project has a minimal supply chain footprint:

    Vendored Libraries

    LibraryVersionLicenseLOCStatus
    Mbed TLS3.6.6Apache-2.0 / GPL-2.0+209,965✅ Current (latest 3.6.x LTS, March 2026)
    yyjson0.12.0MIT19,577✅ Current, no known CVEs
    gnuwin64N/AGPL-3.0476Build scripts only (no binaries)

    Package Managers

    ManagerPresentScope
    CMakePrimary build system
    npm/BunWhatsApp bridge only (2 direct deps, ~105 transitive)
    pip⚠️Dockerfile only (requests, unpinned)
    Cargo/Go/vcpkg/ConanNot present

    Build-Time External Fetches

    SourceIntegrityRisk
    MSYS2 repo (GNU tools for Windows)No hash verificationINFO
    GitHub (ripgrep, fd for Windows)No hash verificationINFO
    GitHub (Emscripten SDK)No hash verificationINFO
    curl.se (curl 8.5.0 source)SHA-256 verified ✅

    Assessment

    The supply chain is well-controlled. The vendored-source approach eliminates most supply chain attack vectors. The npm dependency tree in the WhatsApp bridge component (~105 transitive packages) is the largest external surface area but is isolated from the core C codebase.


    5. Build System & Code Provenance

    Agent: build-provenance | Risk: LOW | Findings: 0 Critical, 0 High, 2 Medium, 3 Low, 5 Info

    Security Compiler Flags

    FlagStatus
    -fstack-protector-strong✅ Present (global)
    -D_FORTIFY_SOURCE=2✅ Present (Release)
    -Wall -Wextra✅ Present
    -Wl,-z,noexecstack✅ Present (Linux)
    -Wl,-z,relro,-z,now✅ Present (Full RELRO)
    -fcf-protection✅ Conditional (GCC x86)
    -O2✅ Present (Release)
    -static✅ Default (Linux)
    -fPIE / -pie❌ Missing

    Findings

    IDSeverityFinding
    M-01MEDIUMBuild-time model header generator can fetch from external API when SX_GENERATE_MODELS=ON
    M-02MEDIUMBuild provenance relies on git commit hash — no reproducible build hash or SLSA attestation
    L-01LOWVendored library warnings suppressed with -w flag — could hide security-relevant warnings
    L-02LOWNo -fPIE/-pie for position-independent executables (ASLR) — mitigated by static linking
    L-03LOWNo -Wformat-security explicitly set (partially covered by -Wall)

    6. Network Endpoints

    Agent: network-endpoints | Risk: MEDIUM | Findings: 0 Critical, 1 High, 7 Medium, 8 Low, 34 Info

    Summary

    The codebase contains hardcoded network endpoints spanning AI provider APIs, first-party infrastructure, third-party search engines, and DNS resolvers. All external-facing endpoints use HTTPS — good baseline security posture.

    High-Severity Finding

    IDFindingDetail
    H-01Hardcoded public IP address (20.53.240.54)Used as default TCP_HOST in embedded WASM config — if server compromised, all WASM clients default to compromised host. Native builds use hostname proxy.scorpiox.net instead.

    Medium-Severity Findings

    IDFinding
    M-01HTTP (non-TLS) default upstream http://localhost:8087 in fetchtoken server
    M-02DNS server binds 0.0.0.0 by default — exposed to all interfaces
    M-03Token relay URLs hardcoded (Claude, Codex, Gemini) — single points of failure
    M-04Usage telemetry endpoint hardcoded
    M-05Session telemetry endpoint hardcoded
    M-06Firmware download URL hardcoded
    M-07Installer download URL hardcoded

    First-Party Infrastructure Endpoints (All HTTPS)

    DomainPurpose
    dist.scorpiox.netBinary distribution, images, firmware
    token.scorpiox.netOAuth token relay (Claude, Codex, Gemini)
    code.scorpiox.netUsage/session telemetry
    whisper.scorpiox.netVoice transcription
    git.scorpiox.netGit repository hosting
    relay.scorpiox.netHTTP relay
    proxy.scorpiox.netTCP proxy host

    Third-Party AI Provider Endpoints

    DomainPurpose
    api.anthropic.comClaude API
    console.anthropic.comOAuth token refresh
    generativelanguage.googleapis.comGemini API
    auth.openai.comCodex OAuth token refresh

    7. TLS/SSL Security

    Agent: tls-security | Risk: MEDIUM | Findings: 0 Critical, 0 High, 4 Medium, 2 Low, 3 Info

    Architecture

    A centralized sx_curl_set_tls() helper applies consistent TLS settings across all 9 curl callsites. TLS 1.2 is enforced as minimum protocol version in all mbedTLS usage.

    Findings

    IDSeverityFinding
    F-01MEDIUMTLS verification bypass via SX_TLS_VERIFY=0 config — single toggle disables all certificate verification
    F-02MEDIUMTraffic capture tool (scorpiox-traffic) disables TLS verification globally for child processes — Linux only
    F-03MEDIUMmbedTLS config header documents "no certificate verification" intent for FRP/email modules
    F-04MEDIUMPlaintext HTTP relay fallback in sx_http_relay.c when HTTP_RELAY=1
    F-05LOWmbedTLS compiled without certificate verification support — acceptable for FRP/email scope
    F-06LOWOpportunistic TLS (STARTTLS) in email delivery — falls back to plaintext if server doesn't support

    Mitigations


    8. Hardcoded Credentials

    Agent: credential-hardcode | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 0 Low, 4 Info

    Result: No Credentials Found ✅

    All credential fields (11 API keys, passwords, and secrets in the embedded configuration) are empty placeholder strings (""). Credentials are supplied at runtime via:

    Informational Findings

    IDFinding
    INFO-01Credential placeholder fields exist with empty values in sx_config_embedded.c
    INFO-02Hardcoded internal infrastructure IP address (20.53.240.54) in WASM config
    INFO-03Default SSH config values (port 22223, user root) — operational defaults, no passwords
    INFO-04Example credential strings in help text (sk-ant-oat01-... truncated placeholder)

    9. File I/O & Data Handling

    Agent: file-io | Risk: LOW-MEDIUM | Findings: 0 Critical, 1 High, 5 Medium, 5 Low, 5 Info

    Positive Controls

    Findings

    IDSeverityFinding
    H-01HIGHGemini API key embedded in URL query parameters — visible in logs, /proc, proxy caches
    M-01MEDIUM328 fopen() calls lack CLOEXEC flag — FDs leak to child processes after fork()
    M-02MEDIUMDNS PID/stats files in predictable /tmp paths — symlink attack vector (Linux)
    M-03MEDIUMPredictable PID-based /tmp directory names (Linux)
    M-04MEDIUMConfig file append without exclusive lock — TOCTOU race on concurrent writes
    M-05MEDIUMTerminal multiplexer PID files in predictable paths (Linux)
    L-01LOWLog files created with default permissions (not restricted)
    L-02LOWConversation JSON files world-readable by default
    L-03LOWTraffic log captures full HTTP headers (including auth) — redacted for known patterns
    L-04LOWTemp file cleanup on signal not guaranteed
    L-05LOWNo file size limits on conversation history files

    10. Buffer Safety

    Agent: buffer-safety | Risk: MEDIUM | Findings: 0 Critical, 2 High, 2 Medium, 2 Low, 4 Info

    Safe-to-Unsafe Ratio: 99.93%

    FunctionCountSafety
    snprintf2,236✅ Safe
    strncpy603✅ Safe
    strncat14✅ Safe
    sprintf2⚠️ Unsafe
    strcpy / strcat / gets / scanf0✅ Not used

    Findings

    IDSeverityFinding
    F-01HIGHUnclamped snprintf return in SSE header accumulation (scorpiox-server.c:2107) — stack buffer overflow via malicious CGI script
    F-02HIGHUnclamped snprintf return in CGI streaming header accumulation (scorpiox-server.c:2565) — copy-paste of F-01 pattern
    F-03MEDIUMUnclamped snprintf return passed to send_all() as length — over-read on truncated buffers
    F-04MEDIUMTwo remaining sprintf calls (both in vendored boundary — scorpiox-otp.c)
    F-05LOWShell escape via tmux environment variable injection — requires tmux session access
    F-06LOWLarge stack buffers (8KB–64KB) in recursive/reentrant contexts

    Recommended Fix for F-01 and F-02

    if (w > 0) {
    

    sse_extra_pos += w;

    if ((size_t)sse_extra_pos >= sizeof(sse_extra))

    sse_extra_pos = (int)(sizeof(sse_extra) - 1);

    }

    This pattern is already correctly used at line 1394 in the same file — suggesting a copy-paste oversight in the streaming paths.


    11. Memory Safety

    Agent: memory-safety | Risk: LOW-MEDIUM | Findings: 0 Critical, 2 High, 6 Medium, 4 Low, 3 Info

    Defensive Patterns

    Findings

    IDSeverityFinding
    H-01HIGHNetwork-derived allocation size without upper bound in sx_http_relay.cbody_len up to 4GB from network frame
    H-02HIGHNetwork-derived error string allocation without cap in sx_http_relay.cerr_len up to 64KB
    M-01MEDIUMInteger overflow in malloc(len * 3 + 1) for URL encoding (sx_agent_tools_wasm.c)
    M-02MEDIUMInteger overflow in allocation size in scorpiox-tmux.c
    M-03MEDIUMUnchecked calloc() return in terminal VT subsystem
    M-04MEDIUMUnchecked malloc() return in tmux layout computation
    M-05MEDIUMUnchecked realloc() in dynamic buffer growth
    M-06MEDIUMMissing NULL check after calloc() in VT state initialization
    L-01LOWDiagnostic allocation without NULL check (non-critical path)
    L-02LOWMinor memory leak on error path in config parser
    L-03LOWAllocation in signal handler (async-signal-unsafe)
    L-04LOWstrdup without NULL check in non-critical utility

    12. Command Injection

    Agent: command-injection | Risk: MEDIUM | Findings: 0 Critical, 1 High, 4 Medium, 10 Low, 1 Info

    Architecture

    The codebase shows systematic command injection hardening (documented CJ-01 through CJ-13 fixes). On Unix, virtually all code paths use fork()+execvp() with argv arrays. Residual risks are primarily Windows-specific system()/popen() fallbacks.

    Findings

    IDSeverityFindingPlatform
    CJ-01HIGHNetwork-reachable OTP handler passes HTTP params to shell (_popen)Windows only
    CJ-02MEDIUMShell commands with config-controlled inputs via sx_system_safe() in agent toolCross-platform
    CJ-03MEDIUMpopen() for .csproj discovery with repo-controlled pathsCross-platform
    CJ-04MEDIUMUser ! shell escape executes arbitrary commands via sx_system_safe()Cross-platform
    CJ-05MEDIUMsx_rmrf() Windows path injection via system("rmdir /s /q ...")Windows only
    CJ-06LOWtmux SSH host/path interpolation via system()Windows only
    CJ-07LOWSearch tool argv reconstruction via system()Windows only
    CJ-08LOWsx_system_safe() with which + tool names from CLILinux
    CJ-09LOWsx_system_safe() with npm install/tar/cp commandsLinux
    CJ-10LOWAgent Windows-only system() with is_safe_shell_arg() validationWindows only
    CJ-11LOWBridge curl download commands via sx_system_safe()Cross-platform
    CJ-12LOWWSL import via _popen() with sanitized inputWindows only
    CJ-13LOWSSH command with sanitized config valuesWindows only
    CJ-14LOWSame SSH pattern as CJ-13 for Claude CodeWindows only
    CJ-15LOWtmux session name via system()Windows only
    CJ-16LOWEmit-session via system()Windows only

    Windows-Specific Note

    9 of 16 command injection findings are Windows-only, using system() or _popen() where Linux uses fork()+execvp(). All Windows paths include input validation (is_safe_shell_arg() allowlist). The highest-risk item (CJ-01) has strict isalnum + @._- character validation on HTTP parameters.


    13. Privilege & Access Control

    Agent: privilege-access | Risk: MEDIUM | Findings: 0 Critical, 2 High, 4 Medium, 2 Low, 5 Info

    Architecture

    The project produces no setuid/setgid binaries. Privilege-sensitive operations are concentrated in the Linux container runtime (scorpiox-unshare) and VM runner (scorpiox-vm), neither of which are deployed on Windows.

    Findings

    IDSeverityFindingPlatform
    H-01HIGH--privileged mode bypasses user namespace isolation (requires root)Linux only
    H-02HIGHCAP_IPC_LOCK retained in containers — enables memory locking DoSLinux only
    M-01MEDIUMRoot auto-detection skips CLONE_NEWUSER by defaultLinux only
    M-02MEDIUMContainer seccomp profile allows personality() and keyctl()Linux only
    M-03MEDIUMContainer cgroup limits require host cgroup write accessLinux only
    M-04MEDIUMSignal forwarding in container init allows kill of host processes if in same PID namespaceLinux only
    L-01LOWKVM device access requires kvm group membershipLinux only
    L-02LOWcgroup v2 memory limits need /sys/fs/cgroup writeLinux only

    Windows Deployment Impact

    All privilege/access findings are Linux-only. The Windows deployment has no privilege escalation mechanisms, no service installation, no registry manipulation, and no elevation-of-privilege code paths.

    14. Windows Deployment Analysis

    Agent: windows-deployment | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 3 Low, 4 Info

    Windows Build Configuration

    Complete Windows Binary Inventory (52 + 1 DLL)

    Windows-Only: scorpiox-wsl, scorpiox-busybox Cross-Platform (50): sx, scorpiox-agent, scorpiox-askuserquestion, scorpiox-bash, scorpiox-beam, scorpiox-claudecode-fetchtoken, scorpiox-claudecode-models, scorpiox-claudecode-refreshtoken, scorpiox-codex-fetchtoken, scorpiox-codex-refreshtoken, scorpiox-config, scorpiox-conv, scorpiox-debug, scorpiox-dns, scorpiox-email, scorpiox-emit-session, scorpiox-fetch, scorpiox-frp, scorpiox-gemini, scorpiox-gemini-fetchtoken, scorpiox-hook, scorpiox-host, scorpiox-kql, scorpiox-logger, scorpiox-mcp, scorpiox-mirror-git, scorpiox-multiplexer, scorpiox-openai, scorpiox-otp, scorpiox-planmode, scorpiox-printlogs, scorpiox-pwsh, scorpiox-renderimage, scorpiox-rewind, scorpiox-screenshot, scorpiox-sdk, scorpiox-search, scorpiox-server, scorpiox-server-email, scorpiox-server-fetchtoken, scorpiox-server-http2tcp, scorpiox-skills, scorpiox-systemprompt, scorpiox-tasks, scorpiox-tmux, scorpiox-transcript, scorpiox-usage, scorpiox-vault-git, scorpiox-vi, scorpiox-voice, scorpiox-websearch Shared Library: libsx.dll

    Windows-Specific Findings

    IDSeverityFinding
    L-01LOWscorpiox-beam uses unencrypted TCP for LAN file transfer (xxHash64 integrity only)
    L-02LOWscorpiox-server listens on all interfaces (0.0.0.0:8080) by default
    L-03LOWscorpiox-dns binds 0.0.0.0 for DNS resolution by default

    Platform Abstraction

    Windows code is cleanly separated via #ifdef SX_WINDOWS / #ifdef _WIN32 guards. Key adaptations:

    Assessment

    No registry manipulation, no service installation, no elevation of privilege, no kernel driver interaction. The Windows surface is well-guarded with appropriate platform abstractions.


    15. Telemetry and Tracking

    Agent: telemetry-tracking | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 2 Low, 1 Info

    Verdict: No Tracking by Default ✅

    FeatureDefaultGating
    Usage tracking (USAGE_TRACKING)OFF (0)Double-gated: caller + callee both check config
    Session telemetry (EMIT_SESSION_TRACKING)OFF (0)Double-gated: caller + callee both check config
    DNS audit loggingOFF (0)Local file only
    HTTP relayOFF (0)Config-gated
    Auto-updateNoneNo auto-update check in main binary

    Startup Behavior

    Zero network calls on startup. The first network call occurs only when the user initiates a conversation with an AI provider.

    Data Collection (When Opt-In Enabled)

    Usage tracking collects: session ID, provider, model, hostname, username, OS, architecture, token counts, rate limits. Does NOT collect: IP address, conversation content, file contents, machine fingerprints. Session telemetry collects: all of the above plus full conversation content (prompts, responses, tool calls). The code explicitly acknowledges this privacy impact.

    Findings

    IDSeverityFinding
    L-01LOWWhen EMIT_SESSION_TRACKING=1, full conversation content is transmitted (OFF by default)
    L-02LOWWhen USAGE_TRACKING=1, hostname/username are transmitted (OFF by default)
    INFO-01INFOHelp text in scorpiox-usage.c incorrectly states "default: 1" — actual compiled default is 0

    Corporate Deployment Recommendation

    No configuration changes needed for zero-tracking. The product ships with all tracking disabled. For additional hardening, remove scorpiox-usage and scorpiox-emit-session binaries entirely — the main binary will silently fail the exec call.


    16. Install Script & Distribution Security

    Agent: install-script | Risk: MEDIUM | Findings: 0 Critical, 3 High, 5 Medium, 4 Low, 5 Info

    Distribution Architecture

    High-Severity Findings

    IDSeverityFinding
    F-01HIGHSHA256 verification is soft-fail — if .sha256 file unavailable, installation proceeds without integrity check
    F-02HIGHNo code signing or GPG signature verification on any platform
    F-03HIGHChecksum and binary served from same origin (dist.scorpiox.net) — single point of compromise

    Medium-Severity Findings

    IDSeverityFinding
    F-04MEDIUMscorpioxcode.exe (Windows) downloaded without any SHA256 check
    F-05MEDIUMdist.scorpiox.net missing HSTS header (HTTP→HTTPS redirect exists but no preload)
    F-06MEDIUMNo atomic install — interrupted download/extract leaves partial state
    F-07MEDIUMNo rollback mechanism on failed update
    F-08MEDIUMWindows .cmd wrapper uses -ExecutionPolicy Bypass

    Low-Severity Findings

    IDSeverityFinding
    F-09LOWindex.txt controls branch selection — could redirect to malicious branch if server compromised
    F-10LOWLinux installer sudo chmod +x on glob patterns in /usr/local/bin
    F-11LOWmacOS installer modifies shell RC files without backup
    F-12LOWNo version pinning — always installs latest

    Positive Controls


    17. Consolidated Risk Matrix

    Critical Findings (0)

    No critical findings identified.

    High Findings (12)

    #AreaFindingSeverityStatusRecommendation
    1Install/DistributionSHA256 verification soft-fail — skipped if .sha256 unavailableHIGHOpenHard-fail: abort if checksum missing or mismatched
    2Install/DistributionNo code signing or GPG signature verificationHIGHOpenImplement GPG signing; publish public key; verify in scripts
    3Install/DistributionSingle point of compromise — binary + checksum same originHIGHOpenHost checksums on separate infrastructure or use transparency log
    4Buffer SafetyUnclamped snprintf return in SSE header accumulationHIGHOpenAdd position clamping (pattern exists elsewhere in same file)
    5Buffer SafetyUnclamped snprintf return in CGI streaming headersHIGHOpenSame fix as #4 — clamp after addition
    6Memory SafetyUnbounded allocation from network body_len (up to 4GB)HIGHOpenAdd SX_HTTP_RELAY_MAX_BODY upper bound check
    7Memory SafetyUnbounded allocation from network err_len (up to 64KB)HIGHOpenCap error string length to 4096 bytes
    8Network EndpointsHardcoded public IP 20.53.240.54 as TCP relay defaultHIGHOpenUse hostname resolution; remove hardcoded IP from WASM config
    9Command InjectionNetwork-reachable OTP handler uses shell on WindowsHIGHOpenUse CreateProcess() with argv array on Windows
    10Privilege/Access--privileged container mode bypasses namespace isolationHIGHLinux onlyAdd env-var confirmation; log to audit trail
    11Privilege/AccessCAP_IPC_LOCK retained in containersHIGHLinux onlyDrop CAP_IPC_LOCK from default container capabilities
    12File I/OGemini API key in URL query parametersHIGHOpenDocument risk; suppress verbose curl logging; explore header auth

    Medium Findings (39)

    #AreaFindingSeverity
    1BuildModel header generator fetches from external API at build timeMEDIUM
    2BuildNo reproducible build hash or SLSA attestationMEDIUM
    3NetworkHTTP localhost upstream in fetchtoken serverMEDIUM
    4NetworkDNS server binds 0.0.0.0 by defaultMEDIUM
    5NetworkToken relay URLs hardcoded (Claude)MEDIUM
    6NetworkToken relay URLs hardcoded (Codex)MEDIUM
    7NetworkToken relay URLs hardcoded (Gemini)MEDIUM
    8NetworkUsage telemetry endpoint hardcodedMEDIUM
    9NetworkSession telemetry endpoint hardcodedMEDIUM
    10TLSTLS verification bypass via SX_TLS_VERIFY=0MEDIUM
    11TLSTraffic capture tool disables TLS globally (Linux)MEDIUM
    12TLSmbedTLS "no cert verify" for FRP/email modulesMEDIUM
    13TLSPlaintext HTTP relay fallbackMEDIUM
    14File I/O328 fopen() calls lack CLOEXEC flagMEDIUM
    15File I/ODNS PID/stats in predictable /tmp paths (Linux)MEDIUM
    16File I/OPredictable PID-based /tmp directories (Linux)MEDIUM
    17File I/OConfig append without exclusive lock (TOCTOU race)MEDIUM
    18File I/OMux PID files in predictable paths (Linux)MEDIUM
    19BufferUnclamped snprintf return passed to send_all()MEDIUM
    20BufferTwo remaining sprintf calls in OTP moduleMEDIUM
    21MemoryInteger overflow in URL-encoding malloc (len * 3)MEDIUM
    22MemoryInteger overflow in tmux allocation sizeMEDIUM
    23MemoryUnchecked calloc() in terminal VT subsystemMEDIUM
    24MemoryUnchecked malloc() in tmux layoutMEDIUM
    25MemoryUnchecked realloc() in dynamic buffer growthMEDIUM
    26MemoryMissing NULL check after VT state calloc()MEDIUM
    27Command InjectionConfig-controlled inputs to sx_system_safe()MEDIUM
    28Command Injectionpopen() with repo-controlled .csproj pathsMEDIUM
    29Command InjectionUser ! shell escape to sx_system_safe()MEDIUM
    30Command InjectionWindows sx_rmrf() via system("rmdir /s /q")MEDIUM
    31PrivilegeRoot auto-skips CLONE_NEWUSER (Linux)MEDIUM
    32PrivilegeSeccomp allows personality() and keyctl() (Linux)MEDIUM
    33Privilegecgroup limits need host write access (Linux)MEDIUM
    34PrivilegeSignal forwarding cross-namespace risk (Linux)MEDIUM
    35Installscorpioxcode.exe no integrity checkMEDIUM
    36Installdist.scorpiox.net missing HSTS headerMEDIUM
    37InstallNo atomic install / partial state on interruptionMEDIUM
    38InstallNo rollback mechanism on failed updateMEDIUM
    39InstallWindows -ExecutionPolicy BypassMEDIUM

    Low Findings (45)

    Key categories:


    18. Conclusion & Recommendations

    Overall Assessment

    SCORPIOX CODE demonstrates a mature security posture for an AI-powered development tool written in pure C. The zero-dependency architecture, comprehensive compiler hardening, and systematic command injection mitigation are notable strengths. The codebase has undergone visible iterative security improvement — evidenced by the completed O_CLOEXEC hardening pass, the CJ-01 through CJ-13 injection fix series, and the 39% reduction in findings since the previous audit.

    Priority Recommendations

    Immediate (HIGH — before next release)

  • Harden SHA256 verification — change soft-fail to hard-fail in all install/update scripts
  • Fix snprintf return clamping in scorpiox-server.c lines 2107 and 2565 — trivial fix, pattern exists in same file
  • Add allocation size bounds in sx_http_relay.c — cap body_len and err_len to reasonable maximums
  • Remove hardcoded IP 20.53.240.54 from WASM embedded config — use hostname only
  • Short-Term (MEDIUM — within 30 days)

  • Implement code signing for distribution binaries (Authenticode for Windows, GPG for Linux)
  • Add scorpioxcode.exe SHA256 verification to Windows installer
  • Replace Windows system()/_popen() calls with CreateProcess() in OTP handler and sx_rmrf()
  • Add HSTS header to dist.scorpiox.net Caddy configuration
  • Create sx_fopen() wrapper that adds "e" mode flag for CLOEXEC on all platforms
  • Add integer overflow checks before allocation size calculations
  • Long-Term (LOW — within 90 days)

  • Implement reproducible builds with SLSA provenance attestation
  • Add atomic install/rollback to all platform installers
  • Consider MSI installer for Windows enterprise deployment (avoids -ExecutionPolicy Bypass)
  • Separate checksum hosting from binary hosting infrastructure
  • Evaluate -fPIE/-pie for dynamic build configurations
  • Risk Rating Summary

    ScopeRatingRationale
    OverallLOW-MEDIUM0 critical, 12 high in 175 total findings across 404K LOC
    Windows WorkstationLOW0 critical, 10 high (mostly cross-platform), clean platform separation
    Supply ChainLOWZero runtime deps, current vendored libs, no pre-built binaries
    Telemetry/PrivacyLOWAll tracking disabled by default, no mandatory collection
    Install/DistributionMEDIUMSoft-fail checksums, no code signing, single origin
    Network SecurityMEDIUMAll HTTPS, but hardcoded endpoints and configurable TLS bypass
    Memory/Buffer SafetyMEDIUM99.93% safe string ops, but network-facing allocation bounds missing

    19. Appendix: Audit Methodology

    Audit Agents

    #AgentScope
    01supply-chainPackage managers, vendored libraries, pre-built binaries, git submodules
    02build-provenanceCompiler flags, build system, code signing, SBOM, provenance
    03network-endpointsHardcoded URLs, IPs, domains, ports in all source files
    04tls-securityCertificate verification, protocol versions, cipher suites, plaintext
    05credential-hardcodeAPI keys, passwords, tokens, secrets, private keys in source
    06file-ioFile operations, temp files, permissions, data at rest, logging
    07buffer-safetysprintf/strcpy/strcat, stack buffers, bounds checking, format strings
    08memory-safetymalloc/calloc/realloc/free, NULL checks, use-after-free, double-free, integer overflow
    09command-injectionsystem(), popen(), exec*(), shell interpolation, input validation
    10privilege-accesssetuid/setgid, root requirements, capabilities, namespace isolation
    11windows-deploymentWindows binary compilation, Win32 APIs, network, file I/O, risk
    12telemetry-trackingPhone-home behavior, data collection, opt-in/out, startup calls
    13install-scriptInstall scripts, update mechanism, distribution integrity, code signing

    Scan Coverage

    MetricValue
    Total files in repository680
    C/H source files scanned497
    Non-vendor source files~120
    Lines of code (project)174,441
    Lines of code (vendor)230,018
    Allocation sites analyzed~504
    Free sites analyzed~1,370
    String operation sites~2,855
    File I/O call sites~500+
    Network endpoints cataloged50+

    Severity Classification

    SeverityDefinition
    CriticalRemotely exploitable with no authentication; immediate code execution or data breach
    HighExploitable with limited prerequisites; significant impact on confidentiality, integrity, or availability
    MediumExploitable with specific conditions; moderate impact or requires local access
    LowMinor security weakness; informational or defense-in-depth improvement
    InfoPositive security control noted, or purely informational observation

    Tools & Techniques


    This report was generated by the SCORPIOX CODE Security Audit Pipeline on 2026-04-29. Classification: CONFIDENTIAL — For Corporate Review Only.