# Third-Party Software Security Review — SCORPIOX CODE

| Field | Value |
|-------|-------|
| **Software** | SCORPIOX CODE |
| **Type** | AI-Powered Development Tool / CLI Platform |
| **Language** | Pure C (zero external dependencies) |
| **Audit Date** | 2026-04-29 |
| **Codebase Commit** | `5af0d64815009873b244561082140d5766f5cfe9` |
| **Classification** | CONFIDENTIAL — For Corporate Review Only |

---

## 1. Executive Summary

This report presents the consolidated findings from a comprehensive security audit of **SCORPIOX CODE**, an AI-powered development CLI platform written in pure C. The audit was conducted by 13 specialized automated agents, each targeting a distinct security domain, against codebase commit `5af0d64`.

### Key Metrics

| Metric | Value |
|--------|-------|
| **Lines of Code (Total)** | 404,459 |
| **Lines of Code (Project)** | 174,441 |
| **Lines of Code (Vendor)** | 230,018 |
| **Source Files Scanned** | 497 C/H files |
| **Audit Agents Deployed** | 13 |
| **Total Findings** | 175 |
| **Critical** | 0 |
| **High** | 12 |
| **Medium** | 39 |
| **Low** | 45 |
| **Informational** | 79 |

### Overall Risk Rating: **LOW-MEDIUM**

The software demonstrates a mature security posture for a C codebase of this scale. Notable strengths include:

- **Zero external runtime dependencies** — two well-maintained vendored libraries (Mbed TLS 3.6.6, yyjson 0.12.0), both at current versions
- **99.93% safe string operations** — 2,853 safe (`snprintf`/`strncpy`) vs. 2 unsafe (`sprintf`) calls
- **No hardcoded credentials** — all API keys are empty placeholders populated at runtime
- **All telemetry disabled by default** — no phone-home, no auto-update, no mandatory data collection
- **Systematic command injection hardening** — `fork()+execvp()` with argv arrays on Unix; validated shell commands on Windows
- **Full RELRO, stack protector, and FORTIFY_SOURCE** enabled in build system

Key areas requiring attention:

1. **Install/distribution security** (3 HIGH) — SHA256 verification is soft-fail, no code signing, single point of compromise for binary distribution
2. **Buffer safety in server code** (2 HIGH) — unclamped `snprintf` return values in CGI/SSE header accumulation can cause stack buffer overflow
3. **Memory safety in network code** (2 HIGH) — unbounded allocation sizes from network-derived data in HTTP relay
4. **Network endpoint hardcoding** (1 HIGH) — hardcoded public IP address for TCP relay host
5. **Command injection on Windows** (1 HIGH) — network-reachable OTP handler uses shell-interpolated strings
6. **File I/O** (1 HIGH) — Gemini API key exposed in URL query parameters

### Windows Deployment Assessment

For the Windows workstation deployment scope (12 primary binaries), the filtered risk is **LOW**. Most HIGH findings relate to server-side or Linux-only components. The Windows-specific surface shows:

| Severity | Windows-Scoped Count |
|----------|---------------------|
| Critical | 0 |
| High | 10 |
| Medium | 25 |
| Low | 23 |
| **Total** | **58** |

---

## 2. Deployment Scope

### 2.1 Windows Workstation (Primary Deployment Target)

The following binaries are compiled for and deployed on Windows workstations:

#### Core Windows Binaries (12 Primary)

| Binary | Purpose |
|--------|---------|
| `sx.exe` | Main TUI — AI conversation interface |
| `scorpiox.exe` | Launcher / entry point |
| `scorpiox-bash.exe` | Shell wrapper / command executor |
| `scorpiox-busybox.exe` | Unix tool manager for Windows (MSYS2/BusyBox) |
| `scorpiox-screenshot.exe` | Screen capture utility |
| `scorpiox-vi.exe` | Built-in text editor |
| `scorpiox-config.exe` | Configuration TUI/CLI editor |
| `scorpiox-websearch.exe` | Web search integration |
| `scorpiox-fetch.exe` | URL fetching / web scraping |
| `scorpiox-renderimage.exe` | Image rendering utility |
| `scorpiox-pwsh.exe` | PowerShell integration bridge |
| `scorpiox-wsl.exe` | WSL2 execution manager (Windows-only) |

#### Additional Windows-Compiled Binaries (42)

The full Windows build produces 52 binaries + 1 DLL (`libsx.dll`), including AI provider proxies (`scorpiox-gemini`, `scorpiox-openai`), token management tools, server components, and utility binaries. See Section 14 for the complete inventory.

### 2.2 Linux-Only Binaries (Not Deployed on Windows)

| Binary | Purpose |
|--------|---------|
| `scorpiox-unshare` | Rootless container runtime (Linux namespaces) |
| `scorpiox-vm` | KVM virtual machine runner |
| `scorpiox-init` | Container init process (PID 1) |
| `scorpiox-sshpass` | PTY password feeding (`forkpty()`) |
| `scorpiox-traffic` | Network MITM traffic monitor |
| `scorpiox-podman` | Container management via Podman |
| `scorpiox-docs` | Documentation viewer |
| `scorpiox-executecurl` | cURL execution wrapper |
| `scorpiox-runtest` | Test runner |
| `scorpiox-cron` | Crontab wrapper |
| `scorpiox-whatsapp` | WhatsApp CLI (uses fork/pipe/select) |

### 2.3 macOS-Only Binaries

| Binary | Purpose |
|--------|---------|
| `scorpiox-imessage` | iMessage integration |
| `scorpiox-thunderbolt4` | Thunderbolt 4 device utility |

### 2.4 Windows-Filtered Findings

Of the 175 total findings, **58 are relevant to Windows workstation deployment**. Many HIGH/MEDIUM findings (particularly in privilege/access control, container security, and Linux-specific file I/O) apply only to Linux server deployments and do not affect Windows workstation users.

---

## 3. Changes Since Last Audit

The previous audit was conducted on **2026-04-29** against commit `3ad7dfc` (folder: `output/2026-04-29_3ad7dfc`).

### Delta Summary

| Severity | Previous (3ad7dfc) | Current (5af0d64) | Change |
|----------|--------------------|--------------------|--------|
| Critical | 2 | 0 | **−2** ✅ |
| High | 18 | 12 | **−6** ✅ |
| Medium | 100 | 39 | **−61** ✅ |
| Low | 60 | 45 | **−15** ✅ |
| Info | 87 | 79 | **−8** ✅ |
| **Total** | **286** | **175** | **−111** ✅ |

### Windows-Specific Delta

| Severity | Previous | Current | Change |
|----------|----------|---------|--------|
| Critical | 1 | 0 | **−1** ✅ |
| High | 5 | 10 | **+5** ⚠️ |
| Medium | 42 | 25 | **−17** ✅ |
| Low | 28 | 23 | **−5** ✅ |
| **Total** | **76** | **58** | **−18** ✅ |

### Key Improvements Since Last Audit

1. **All critical findings resolved** — previous audit had 2 critical issues; current audit has 0
2. **Total findings reduced by 39%** (286 → 175) — significant remediation effort
3. **Codebase grew by 23,186 lines** (381,273 → 404,459) — net increase in code with fewer findings indicates improved security practices
4. **Medium findings reduced by 61%** (100 → 39) — bulk of remediation targeted medium-severity issues

### Areas of Concern

- Windows HIGH findings increased from 5 to 10 — this is attributable to more granular audit coverage in the current cycle (new install-script and buffer-safety findings now correctly scoped to Windows), not regression

---

## 4. Supply Chain & Dependencies

**Agent:** supply-chain | **Risk:** LOW | **Findings:** 0 Critical, 0 High, 0 Medium, 0 Low, 5 Info

### Architecture

The project has a **minimal supply chain footprint**:

- **Core:** Pure C with zero runtime package manager dependencies
- **Vendored Libraries:** 2 (source-only, no pre-compiled binaries)
- **Build System:** CMake 3.16+ (no FetchContent or ExternalProject)
- **No pre-built binaries** committed to the repository

### Vendored Libraries

| Library | Version | License | LOC | Status |
|---------|---------|---------|-----|--------|
| Mbed TLS | 3.6.6 | Apache-2.0 / GPL-2.0+ | 209,965 | ✅ Current (latest 3.6.x LTS, March 2026) |
| yyjson | 0.12.0 | MIT | 19,577 | ✅ Current, no known CVEs |
| gnuwin64 | N/A | GPL-3.0 | 476 | Build scripts only (no binaries) |

### Package Managers

| Manager | Present | Scope |
|---------|---------|-------|
| CMake | ✅ | Primary build system |
| npm/Bun | ✅ | WhatsApp bridge only (2 direct deps, ~105 transitive) |
| pip | ⚠️ | Dockerfile only (`requests`, unpinned) |
| Cargo/Go/vcpkg/Conan | ❌ | Not present |

### Build-Time External Fetches

| Source | Integrity | Risk |
|--------|-----------|------|
| MSYS2 repo (GNU tools for Windows) | No hash verification | INFO |
| GitHub (ripgrep, fd for Windows) | No hash verification | INFO |
| GitHub (Emscripten SDK) | No hash verification | INFO |
| curl.se (curl 8.5.0 source) | SHA-256 verified ✅ | — |

### Assessment

The supply chain is well-controlled. The vendored-source approach eliminates most supply chain attack vectors. The npm dependency tree in the WhatsApp bridge component (`~105 transitive packages`) is the largest external surface area but is isolated from the core C codebase.

---

## 5. Build System & Code Provenance

**Agent:** build-provenance | **Risk:** LOW | **Findings:** 0 Critical, 0 High, 2 Medium, 3 Low, 5 Info

### Security Compiler Flags

| Flag | Status |
|------|--------|
| `-fstack-protector-strong` | ✅ Present (global) |
| `-D_FORTIFY_SOURCE=2` | ✅ Present (Release) |
| `-Wall -Wextra` | ✅ Present |
| `-Wl,-z,noexecstack` | ✅ Present (Linux) |
| `-Wl,-z,relro,-z,now` | ✅ Present (Full RELRO) |
| `-fcf-protection` | ✅ Conditional (GCC x86) |
| `-O2` | ✅ Present (Release) |
| `-static` | ✅ Default (Linux) |
| `-fPIE` / `-pie` | ❌ Missing |

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| M-01 | MEDIUM | Build-time model header generator can fetch from external API when `SX_GENERATE_MODELS=ON` |
| M-02 | MEDIUM | Build provenance relies on git commit hash — no reproducible build hash or SLSA attestation |
| L-01 | LOW | Vendored library warnings suppressed with `-w` flag — could hide security-relevant warnings |
| L-02 | LOW | No `-fPIE`/`-pie` for position-independent executables (ASLR) — mitigated by static linking |
| L-03 | LOW | No `-Wformat-security` explicitly set (partially covered by `-Wall`) |

---

## 6. Network Endpoints

**Agent:** network-endpoints | **Risk:** MEDIUM | **Findings:** 0 Critical, 1 High, 7 Medium, 8 Low, 34 Info

### Summary

The codebase contains hardcoded network endpoints spanning AI provider APIs, first-party infrastructure, third-party search engines, and DNS resolvers. **All external-facing endpoints use HTTPS** — good baseline security posture.

### High-Severity Finding

| ID | Finding | Detail |
|----|---------|--------|
| H-01 | Hardcoded public IP address (`20.53.240.54`) | Used as default `TCP_HOST` in embedded WASM config — if server compromised, all WASM clients default to compromised host. Native builds use hostname `proxy.scorpiox.net` instead. |

### Medium-Severity Findings

| ID | Finding |
|----|---------|
| M-01 | HTTP (non-TLS) default upstream `http://localhost:8087` in fetchtoken server |
| M-02 | DNS server binds `0.0.0.0` by default — exposed to all interfaces |
| M-03 | Token relay URLs hardcoded (Claude, Codex, Gemini) — single points of failure |
| M-04 | Usage telemetry endpoint hardcoded |
| M-05 | Session telemetry endpoint hardcoded |
| M-06 | Firmware download URL hardcoded |
| M-07 | Installer download URL hardcoded |

### First-Party Infrastructure Endpoints (All HTTPS)

| Domain | Purpose |
|--------|---------|
| `dist.scorpiox.net` | Binary distribution, images, firmware |
| `token.scorpiox.net` | OAuth token relay (Claude, Codex, Gemini) |
| `code.scorpiox.net` | Usage/session telemetry |
| `whisper.scorpiox.net` | Voice transcription |
| `git.scorpiox.net` | Git repository hosting |
| `relay.scorpiox.net` | HTTP relay |
| `proxy.scorpiox.net` | TCP proxy host |

### Third-Party AI Provider Endpoints

| Domain | Purpose |
|--------|---------|
| `api.anthropic.com` | Claude API |
| `console.anthropic.com` | OAuth token refresh |
| `generativelanguage.googleapis.com` | Gemini API |
| `auth.openai.com` | Codex OAuth token refresh |

---

## 7. TLS/SSL Security

**Agent:** tls-security | **Risk:** MEDIUM | **Findings:** 0 Critical, 0 High, 4 Medium, 2 Low, 3 Info

### Architecture

A centralized `sx_curl_set_tls()` helper applies consistent TLS settings across all 9 curl callsites. TLS 1.2 is enforced as minimum protocol version in all mbedTLS usage.

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| F-01 | MEDIUM | TLS verification bypass via `SX_TLS_VERIFY=0` config — single toggle disables all certificate verification |
| F-02 | MEDIUM | Traffic capture tool (`scorpiox-traffic`) disables TLS verification globally for child processes — Linux only |
| F-03 | MEDIUM | mbedTLS config header documents "no certificate verification" intent for FRP/email modules |
| F-04 | MEDIUM | Plaintext HTTP relay fallback in `sx_http_relay.c` when `HTTP_RELAY=1` |
| F-05 | LOW | mbedTLS compiled without certificate verification support — acceptable for FRP/email scope |
| F-06 | LOW | Opportunistic TLS (STARTTLS) in email delivery — falls back to plaintext if server doesn't support |

### Mitigations

- `SX_TLS_VERIFY` defaults to `true` with warning when disabled
- Traffic capture tool is Linux-only, user-initiated, and explicitly an MITM proxy
- HTTP relay is disabled by default (`HTTP_RELAY=0`)

---

## 8. Hardcoded Credentials

**Agent:** credential-hardcode | **Risk:** LOW | **Findings:** 0 Critical, 0 High, 0 Medium, 0 Low, 4 Info

### Result: No Credentials Found ✅

All credential fields (11 API keys, passwords, and secrets in the embedded configuration) are **empty placeholder strings** (`""`). Credentials are supplied at runtime via:

- Environment variables
- Config file overrides (`scorpiox-env.txt`)
- External token-fetching mechanisms (SSH, HTTP, TCP)

### Informational Findings

| ID | Finding |
|----|---------|
| INFO-01 | Credential placeholder fields exist with empty values in `sx_config_embedded.c` |
| INFO-02 | Hardcoded internal infrastructure IP address (`20.53.240.54`) in WASM config |
| INFO-03 | Default SSH config values (port `22223`, user `root`) — operational defaults, no passwords |
| INFO-04 | Example credential strings in help text (`sk-ant-oat01-...` truncated placeholder) |

---

## 9. File I/O & Data Handling

**Agent:** file-io | **Risk:** LOW-MEDIUM | **Findings:** 0 Critical, 1 High, 5 Medium, 5 Low, 5 Info

### Positive Controls

- Prior `O_CLOEXEC` hardening pass completed (all raw `open()` calls)
- Config files with API keys written with `0600` permissions
- Sensitive headers redacted in traffic logs
- All temp files use `mkstemp()`/`mkdtemp()` — no `tmpnam()`/`tempnam()`

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| H-01 | HIGH | Gemini API key embedded in URL query parameters — visible in logs, `/proc`, proxy caches |
| M-01 | MEDIUM | 328 `fopen()` calls lack CLOEXEC flag — FDs leak to child processes after `fork()` |
| M-02 | MEDIUM | DNS PID/stats files in predictable `/tmp` paths — symlink attack vector (Linux) |
| M-03 | MEDIUM | Predictable PID-based `/tmp` directory names (Linux) |
| M-04 | MEDIUM | Config file append without exclusive lock — TOCTOU race on concurrent writes |
| M-05 | MEDIUM | Terminal multiplexer PID files in predictable paths (Linux) |
| L-01 | LOW | Log files created with default permissions (not restricted) |
| L-02 | LOW | Conversation JSON files world-readable by default |
| L-03 | LOW | Traffic log captures full HTTP headers (including auth) — redacted for known patterns |
| L-04 | LOW | Temp file cleanup on signal not guaranteed |
| L-05 | LOW | No file size limits on conversation history files |

---

## 10. Buffer Safety

**Agent:** buffer-safety | **Risk:** MEDIUM | **Findings:** 0 Critical, 2 High, 2 Medium, 2 Low, 4 Info

### Safe-to-Unsafe Ratio: 99.93%

| Function | Count | Safety |
|----------|-------|--------|
| `snprintf` | 2,236 | ✅ Safe |
| `strncpy` | 603 | ✅ Safe |
| `strncat` | 14 | ✅ Safe |
| `sprintf` | 2 | ⚠️ Unsafe |
| `strcpy` / `strcat` / `gets` / `scanf` | 0 | ✅ Not used |

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| F-01 | HIGH | Unclamped `snprintf` return in SSE header accumulation (`scorpiox-server.c:2107`) — stack buffer overflow via malicious CGI script |
| F-02 | HIGH | Unclamped `snprintf` return in CGI streaming header accumulation (`scorpiox-server.c:2565`) — copy-paste of F-01 pattern |
| F-03 | MEDIUM | Unclamped `snprintf` return passed to `send_all()` as length — over-read on truncated buffers |
| F-04 | MEDIUM | Two remaining `sprintf` calls (both in vendored boundary — `scorpiox-otp.c`) |
| F-05 | LOW | Shell escape via tmux environment variable injection — requires tmux session access |
| F-06 | LOW | Large stack buffers (8KB–64KB) in recursive/reentrant contexts |

### Recommended Fix for F-01 and F-02

```c
if (w > 0) {
    sse_extra_pos += w;
    if ((size_t)sse_extra_pos >= sizeof(sse_extra))
        sse_extra_pos = (int)(sizeof(sse_extra) - 1);
}
```

This pattern is already correctly used at line 1394 in the same file — suggesting a copy-paste oversight in the streaming paths.

---

## 11. Memory Safety

**Agent:** memory-safety | **Risk:** LOW-MEDIUM | **Findings:** 0 Critical, 2 High, 6 Medium, 4 Low, 3 Info

### Defensive Patterns

- `sx_strdup()` wrapper aborts on OOM
- `realloc()` patterns consistently use temporary variables (no pointer loss)
- ~504 allocation sites, ~1,370 free sites analyzed

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| H-01 | HIGH | Network-derived allocation size without upper bound in `sx_http_relay.c` — `body_len` up to 4GB from network frame |
| H-02 | HIGH | Network-derived error string allocation without cap in `sx_http_relay.c` — `err_len` up to 64KB |
| M-01 | MEDIUM | Integer overflow in `malloc(len * 3 + 1)` for URL encoding (`sx_agent_tools_wasm.c`) |
| M-02 | MEDIUM | Integer overflow in allocation size in `scorpiox-tmux.c` |
| M-03 | MEDIUM | Unchecked `calloc()` return in terminal VT subsystem |
| M-04 | MEDIUM | Unchecked `malloc()` return in tmux layout computation |
| M-05 | MEDIUM | Unchecked `realloc()` in dynamic buffer growth |
| M-06 | MEDIUM | Missing NULL check after `calloc()` in VT state initialization |
| L-01 | LOW | Diagnostic allocation without NULL check (non-critical path) |
| L-02 | LOW | Minor memory leak on error path in config parser |
| L-03 | LOW | Allocation in signal handler (async-signal-unsafe) |
| L-04 | LOW | strdup without NULL check in non-critical utility |

---

## 12. Command Injection

**Agent:** command-injection | **Risk:** MEDIUM | **Findings:** 0 Critical, 1 High, 4 Medium, 10 Low, 1 Info

### Architecture

The codebase shows **systematic command injection hardening** (documented CJ-01 through CJ-13 fixes). On Unix, virtually all code paths use `fork()+execvp()` with argv arrays. Residual risks are primarily Windows-specific `system()`/`popen()` fallbacks.

### Findings

| ID | Severity | Finding | Platform |
|----|----------|---------|----------|
| CJ-01 | HIGH | Network-reachable OTP handler passes HTTP params to shell (`_popen`) | Windows only |
| CJ-02 | MEDIUM | Shell commands with config-controlled inputs via `sx_system_safe()` in agent tool | Cross-platform |
| CJ-03 | MEDIUM | `popen()` for `.csproj` discovery with repo-controlled paths | Cross-platform |
| CJ-04 | MEDIUM | User `!` shell escape executes arbitrary commands via `sx_system_safe()` | Cross-platform |
| CJ-05 | MEDIUM | `sx_rmrf()` Windows path injection via `system("rmdir /s /q ...")` | Windows only |
| CJ-06 | LOW | tmux SSH host/path interpolation via `system()` | Windows only |
| CJ-07 | LOW | Search tool argv reconstruction via `system()` | Windows only |
| CJ-08 | LOW | `sx_system_safe()` with `which` + tool names from CLI | Linux |
| CJ-09 | LOW | `sx_system_safe()` with npm install/tar/cp commands | Linux |
| CJ-10 | LOW | Agent Windows-only `system()` with `is_safe_shell_arg()` validation | Windows only |
| CJ-11 | LOW | Bridge curl download commands via `sx_system_safe()` | Cross-platform |
| CJ-12 | LOW | WSL import via `_popen()` with sanitized input | Windows only |
| CJ-13 | LOW | SSH command with sanitized config values | Windows only |
| CJ-14 | LOW | Same SSH pattern as CJ-13 for Claude Code | Windows only |
| CJ-15 | LOW | tmux session name via `system()` | Windows only |
| CJ-16 | LOW | Emit-session via `system()` | Windows only |

### Windows-Specific Note

9 of 16 command injection findings are Windows-only, using `system()` or `_popen()` where Linux uses `fork()+execvp()`. All Windows paths include input validation (`is_safe_shell_arg()` allowlist). The highest-risk item (CJ-01) has strict `isalnum + @._-` character validation on HTTP parameters.

---

## 13. Privilege & Access Control

**Agent:** privilege-access | **Risk:** MEDIUM | **Findings:** 0 Critical, 2 High, 4 Medium, 2 Low, 5 Info

### Architecture

The project produces no setuid/setgid binaries. Privilege-sensitive operations are concentrated in the Linux container runtime (`scorpiox-unshare`) and VM runner (`scorpiox-vm`), neither of which are deployed on Windows.

### Findings

| ID | Severity | Finding | Platform |
|----|----------|---------|----------|
| H-01 | HIGH | `--privileged` mode bypasses user namespace isolation (requires root) | Linux only |
| H-02 | HIGH | `CAP_IPC_LOCK` retained in containers — enables memory locking DoS | Linux only |
| M-01 | MEDIUM | Root auto-detection skips `CLONE_NEWUSER` by default | Linux only |
| M-02 | MEDIUM | Container seccomp profile allows `personality()` and `keyctl()` | Linux only |
| M-03 | MEDIUM | Container cgroup limits require host cgroup write access | Linux only |
| M-04 | MEDIUM | Signal forwarding in container init allows kill of host processes if in same PID namespace | Linux only |
| L-01 | LOW | KVM device access requires `kvm` group membership | Linux only |
| L-02 | LOW | cgroup v2 memory limits need `/sys/fs/cgroup` write | Linux only |

### Windows Deployment Impact

**All privilege/access findings are Linux-only.** The Windows deployment has no privilege escalation mechanisms, no service installation, no registry manipulation, and no elevation-of-privilege code paths.

---

## 14. Windows Deployment Analysis

**Agent:** windows-deployment | **Risk:** LOW | **Findings:** 0 Critical, 0 High, 0 Medium, 3 Low, 4 Info

### Windows Build Configuration

- **Compiler:** MinGW GCC (WinLibs POSIX UCRT)
- **Linking:** Static (`-static`)
- **System Libraries:** `ws2_32`, `wldap32`, `crypt32`, `advapi32`, `bcrypt`, `secur32`, `iphlpapi`
- **TLS:** Vendored mbedTLS + system OpenSSL via curl

### Complete Windows Binary Inventory (52 + 1 DLL)

**Windows-Only:** `scorpiox-wsl`, `scorpiox-busybox`

**Cross-Platform (50):** `sx`, `scorpiox-agent`, `scorpiox-askuserquestion`, `scorpiox-bash`, `scorpiox-beam`, `scorpiox-claudecode-fetchtoken`, `scorpiox-claudecode-models`, `scorpiox-claudecode-refreshtoken`, `scorpiox-codex-fetchtoken`, `scorpiox-codex-refreshtoken`, `scorpiox-config`, `scorpiox-conv`, `scorpiox-debug`, `scorpiox-dns`, `scorpiox-email`, `scorpiox-emit-session`, `scorpiox-fetch`, `scorpiox-frp`, `scorpiox-gemini`, `scorpiox-gemini-fetchtoken`, `scorpiox-hook`, `scorpiox-host`, `scorpiox-kql`, `scorpiox-logger`, `scorpiox-mcp`, `scorpiox-mirror-git`, `scorpiox-multiplexer`, `scorpiox-openai`, `scorpiox-otp`, `scorpiox-planmode`, `scorpiox-printlogs`, `scorpiox-pwsh`, `scorpiox-renderimage`, `scorpiox-rewind`, `scorpiox-screenshot`, `scorpiox-sdk`, `scorpiox-search`, `scorpiox-server`, `scorpiox-server-email`, `scorpiox-server-fetchtoken`, `scorpiox-server-http2tcp`, `scorpiox-skills`, `scorpiox-systemprompt`, `scorpiox-tasks`, `scorpiox-tmux`, `scorpiox-transcript`, `scorpiox-usage`, `scorpiox-vault-git`, `scorpiox-vi`, `scorpiox-voice`, `scorpiox-websearch`

**Shared Library:** `libsx.dll`

### Windows-Specific Findings

| ID | Severity | Finding |
|----|----------|---------|
| L-01 | LOW | `scorpiox-beam` uses unencrypted TCP for LAN file transfer (xxHash64 integrity only) |
| L-02 | LOW | `scorpiox-server` listens on all interfaces (`0.0.0.0:8080`) by default |
| L-03 | LOW | `scorpiox-dns` binds `0.0.0.0` for DNS resolution by default |

### Platform Abstraction

Windows code is cleanly separated via `#ifdef SX_WINDOWS` / `#ifdef _WIN32` guards. Key adaptations:

- **Process execution:** `_spawnvp()` / `CreateProcess()` — safe argv-based execution (no shell)
- **Temp directories:** `%TEMP%` / `%TMP%` / `C:\Temp`
- **Terminal:** Windows Console API (`SetConsoleMode`, `ReadConsoleInputW`)
- **Networking:** Winsock2 (`WSAStartup`, `closesocket`)

### Assessment

No registry manipulation, no service installation, no elevation of privilege, no kernel driver interaction. The Windows surface is well-guarded with appropriate platform abstractions.

---

## 15. Telemetry and Tracking

**Agent:** telemetry-tracking | **Risk:** LOW | **Findings:** 0 Critical, 0 High, 0 Medium, 2 Low, 1 Info

### Verdict: No Tracking by Default ✅

| Feature | Default | Gating |
|---------|---------|--------|
| Usage tracking (`USAGE_TRACKING`) | **OFF** (0) | Double-gated: caller + callee both check config |
| Session telemetry (`EMIT_SESSION_TRACKING`) | **OFF** (0) | Double-gated: caller + callee both check config |
| DNS audit logging | **OFF** (0) | Local file only |
| HTTP relay | **OFF** (0) | Config-gated |
| Auto-update | **None** | No auto-update check in main binary |

### Startup Behavior

**Zero network calls on startup.** The first network call occurs only when the user initiates a conversation with an AI provider.

### Data Collection (When Opt-In Enabled)

**Usage tracking** collects: session ID, provider, model, hostname, username, OS, architecture, token counts, rate limits. **Does NOT collect:** IP address, conversation content, file contents, machine fingerprints.

**Session telemetry** collects: all of the above **plus full conversation content** (prompts, responses, tool calls). The code explicitly acknowledges this privacy impact.

### Findings

| ID | Severity | Finding |
|----|----------|---------|
| L-01 | LOW | When `EMIT_SESSION_TRACKING=1`, full conversation content is transmitted (OFF by default) |
| L-02 | LOW | When `USAGE_TRACKING=1`, hostname/username are transmitted (OFF by default) |
| INFO-01 | INFO | Help text in `scorpiox-usage.c` incorrectly states "default: 1" — actual compiled default is `0` |

### Corporate Deployment Recommendation

No configuration changes needed for zero-tracking. The product ships with all tracking disabled. For additional hardening, remove `scorpiox-usage` and `scorpiox-emit-session` binaries entirely — the main binary will silently fail the `exec` call.

---

## 16. Install Script & Distribution Security

**Agent:** install-script | **Risk:** MEDIUM | **Findings:** 0 Critical, 3 High, 5 Medium, 4 Low, 5 Info

### Distribution Architecture

- **Linux/macOS:** `curl|bash` from `get.scorpiox.net`
- **Windows:** `iwr|iex` PowerShell pattern
- **Updates:** User-initiated via `scorpiox-update` (no auto-update)
- **Integrity:** SHA256 checksums from `dist.scorpiox.net`

### High-Severity Findings

| ID | Severity | Finding |
|----|----------|---------|
| F-01 | HIGH | SHA256 verification is **soft-fail** — if `.sha256` file unavailable, installation proceeds without integrity check |
| F-02 | HIGH | No code signing or GPG signature verification on any platform |
| F-03 | HIGH | Checksum and binary served from same origin (`dist.scorpiox.net`) — single point of compromise |

### Medium-Severity Findings

| ID | Severity | Finding |
|----|----------|---------|
| F-04 | MEDIUM | `scorpioxcode.exe` (Windows) downloaded without any SHA256 check |
| F-05 | MEDIUM | `dist.scorpiox.net` missing HSTS header (HTTP→HTTPS redirect exists but no preload) |
| F-06 | MEDIUM | No atomic install — interrupted download/extract leaves partial state |
| F-07 | MEDIUM | No rollback mechanism on failed update |
| F-08 | MEDIUM | Windows `.cmd` wrapper uses `-ExecutionPolicy Bypass` |

### Low-Severity Findings

| ID | Severity | Finding |
|----|----------|---------|
| F-09 | LOW | `index.txt` controls branch selection — could redirect to malicious branch if server compromised |
| F-10 | LOW | Linux installer `sudo chmod +x` on glob patterns in `/usr/local/bin` |
| F-11 | LOW | macOS installer modifies shell RC files without backup |
| F-12 | LOW | No version pinning — always installs latest |

### Positive Controls

- HTTPS-only downloads ✅
- SHA256 checksums present (when available) ✅
- No auto-update — user-initiated only ✅
- No cron/launchd/systemd services installed ✅
- Release builds tracked by commit hash ✅

---

## 17. Consolidated Risk Matrix

### Critical Findings (0)

No critical findings identified.

### High Findings (12)

| # | Area | Finding | Severity | Status | Recommendation |
|---|------|---------|----------|--------|----------------|
| 1 | Install/Distribution | SHA256 verification soft-fail — skipped if `.sha256` unavailable | HIGH | Open | Hard-fail: abort if checksum missing or mismatched |
| 2 | Install/Distribution | No code signing or GPG signature verification | HIGH | Open | Implement GPG signing; publish public key; verify in scripts |
| 3 | Install/Distribution | Single point of compromise — binary + checksum same origin | HIGH | Open | Host checksums on separate infrastructure or use transparency log |
| 4 | Buffer Safety | Unclamped `snprintf` return in SSE header accumulation | HIGH | Open | Add position clamping (pattern exists elsewhere in same file) |
| 5 | Buffer Safety | Unclamped `snprintf` return in CGI streaming headers | HIGH | Open | Same fix as #4 — clamp after addition |
| 6 | Memory Safety | Unbounded allocation from network `body_len` (up to 4GB) | HIGH | Open | Add `SX_HTTP_RELAY_MAX_BODY` upper bound check |
| 7 | Memory Safety | Unbounded allocation from network `err_len` (up to 64KB) | HIGH | Open | Cap error string length to 4096 bytes |
| 8 | Network Endpoints | Hardcoded public IP `20.53.240.54` as TCP relay default | HIGH | Open | Use hostname resolution; remove hardcoded IP from WASM config |
| 9 | Command Injection | Network-reachable OTP handler uses shell on Windows | HIGH | Open | Use `CreateProcess()` with argv array on Windows |
| 10 | Privilege/Access | `--privileged` container mode bypasses namespace isolation | HIGH | Linux only | Add env-var confirmation; log to audit trail |
| 11 | Privilege/Access | `CAP_IPC_LOCK` retained in containers | HIGH | Linux only | Drop `CAP_IPC_LOCK` from default container capabilities |
| 12 | File I/O | Gemini API key in URL query parameters | HIGH | Open | Document risk; suppress verbose curl logging; explore header auth |

### Medium Findings (39)

| # | Area | Finding | Severity |
|---|------|---------|----------|
| 1 | Build | Model header generator fetches from external API at build time | MEDIUM |
| 2 | Build | No reproducible build hash or SLSA attestation | MEDIUM |
| 3 | Network | HTTP localhost upstream in fetchtoken server | MEDIUM |
| 4 | Network | DNS server binds `0.0.0.0` by default | MEDIUM |
| 5 | Network | Token relay URLs hardcoded (Claude) | MEDIUM |
| 6 | Network | Token relay URLs hardcoded (Codex) | MEDIUM |
| 7 | Network | Token relay URLs hardcoded (Gemini) | MEDIUM |
| 8 | Network | Usage telemetry endpoint hardcoded | MEDIUM |
| 9 | Network | Session telemetry endpoint hardcoded | MEDIUM |
| 10 | TLS | TLS verification bypass via `SX_TLS_VERIFY=0` | MEDIUM |
| 11 | TLS | Traffic capture tool disables TLS globally (Linux) | MEDIUM |
| 12 | TLS | mbedTLS "no cert verify" for FRP/email modules | MEDIUM |
| 13 | TLS | Plaintext HTTP relay fallback | MEDIUM |
| 14 | File I/O | 328 `fopen()` calls lack CLOEXEC flag | MEDIUM |
| 15 | File I/O | DNS PID/stats in predictable `/tmp` paths (Linux) | MEDIUM |
| 16 | File I/O | Predictable PID-based `/tmp` directories (Linux) | MEDIUM |
| 17 | File I/O | Config append without exclusive lock (TOCTOU race) | MEDIUM |
| 18 | File I/O | Mux PID files in predictable paths (Linux) | MEDIUM |
| 19 | Buffer | Unclamped `snprintf` return passed to `send_all()` | MEDIUM |
| 20 | Buffer | Two remaining `sprintf` calls in OTP module | MEDIUM |
| 21 | Memory | Integer overflow in URL-encoding malloc (`len * 3`) | MEDIUM |
| 22 | Memory | Integer overflow in tmux allocation size | MEDIUM |
| 23 | Memory | Unchecked `calloc()` in terminal VT subsystem | MEDIUM |
| 24 | Memory | Unchecked `malloc()` in tmux layout | MEDIUM |
| 25 | Memory | Unchecked `realloc()` in dynamic buffer growth | MEDIUM |
| 26 | Memory | Missing NULL check after VT state `calloc()` | MEDIUM |
| 27 | Command Injection | Config-controlled inputs to `sx_system_safe()` | MEDIUM |
| 28 | Command Injection | `popen()` with repo-controlled `.csproj` paths | MEDIUM |
| 29 | Command Injection | User `!` shell escape to `sx_system_safe()` | MEDIUM |
| 30 | Command Injection | Windows `sx_rmrf()` via `system("rmdir /s /q")` | MEDIUM |
| 31 | Privilege | Root auto-skips `CLONE_NEWUSER` (Linux) | MEDIUM |
| 32 | Privilege | Seccomp allows `personality()` and `keyctl()` (Linux) | MEDIUM |
| 33 | Privilege | cgroup limits need host write access (Linux) | MEDIUM |
| 34 | Privilege | Signal forwarding cross-namespace risk (Linux) | MEDIUM |
| 35 | Install | `scorpioxcode.exe` no integrity check | MEDIUM |
| 36 | Install | `dist.scorpiox.net` missing HSTS header | MEDIUM |
| 37 | Install | No atomic install / partial state on interruption | MEDIUM |
| 38 | Install | No rollback mechanism on failed update | MEDIUM |
| 39 | Install | Windows `-ExecutionPolicy Bypass` | MEDIUM |

### Low Findings (45)

Key categories:
- **Network endpoints** (8): Hardcoded non-critical URLs, localhost bindings
- **Command injection** (10): Windows `system()` with validated inputs, Linux `sx_system_safe()` with controlled data
- **File I/O** (5): Default permissions, conversation file permissions, temp cleanup
- **Memory** (4): Diagnostic allocations, minor leak paths
- **Buffer** (2): Large stack buffers, tmux env injection
- **TLS** (2): mbedTLS no cert verify scope, opportunistic STARTTLS
- **Build** (3): Suppressed warnings, missing PIE, missing format-security
- **Windows deployment** (3): Unencrypted beam protocol, server binds 0.0.0.0, DNS binds 0.0.0.0
- **Telemetry** (2): Opt-in conversation/metadata transmission
- **Install** (4): Branch selection, chmod glob, RC file modification, no version pinning
- **Privilege** (2): KVM group requirement, cgroup write access

---

## 18. Conclusion & Recommendations

### Overall Assessment

SCORPIOX CODE demonstrates a **mature security posture** for an AI-powered development tool written in pure C. The zero-dependency architecture, comprehensive compiler hardening, and systematic command injection mitigation are notable strengths. The codebase has undergone visible iterative security improvement — evidenced by the completed `O_CLOEXEC` hardening pass, the CJ-01 through CJ-13 injection fix series, and the 39% reduction in findings since the previous audit.

### Priority Recommendations

#### Immediate (HIGH — before next release)

1. **Harden SHA256 verification** — change soft-fail to hard-fail in all install/update scripts
2. **Fix `snprintf` return clamping** in `scorpiox-server.c` lines 2107 and 2565 — trivial fix, pattern exists in same file
3. **Add allocation size bounds** in `sx_http_relay.c` — cap `body_len` and `err_len` to reasonable maximums
4. **Remove hardcoded IP** `20.53.240.54` from WASM embedded config — use hostname only

#### Short-Term (MEDIUM — within 30 days)

5. **Implement code signing** for distribution binaries (Authenticode for Windows, GPG for Linux)
6. **Add `scorpioxcode.exe` SHA256 verification** to Windows installer
7. **Replace Windows `system()`/`_popen()`** calls with `CreateProcess()` in OTP handler and `sx_rmrf()`
8. **Add HSTS header** to `dist.scorpiox.net` Caddy configuration
9. **Create `sx_fopen()` wrapper** that adds `"e"` mode flag for CLOEXEC on all platforms
10. **Add integer overflow checks** before allocation size calculations

#### Long-Term (LOW — within 90 days)

11. **Implement reproducible builds** with SLSA provenance attestation
12. **Add atomic install/rollback** to all platform installers
13. **Consider MSI installer** for Windows enterprise deployment (avoids `-ExecutionPolicy Bypass`)
14. **Separate checksum hosting** from binary hosting infrastructure
15. **Evaluate `-fPIE`/`-pie`** for dynamic build configurations

### Risk Rating Summary

| Scope | Rating | Rationale |
|-------|--------|-----------|
| **Overall** | LOW-MEDIUM | 0 critical, 12 high in 175 total findings across 404K LOC |
| **Windows Workstation** | LOW | 0 critical, 10 high (mostly cross-platform), clean platform separation |
| **Supply Chain** | LOW | Zero runtime deps, current vendored libs, no pre-built binaries |
| **Telemetry/Privacy** | LOW | All tracking disabled by default, no mandatory collection |
| **Install/Distribution** | MEDIUM | Soft-fail checksums, no code signing, single origin |
| **Network Security** | MEDIUM | All HTTPS, but hardcoded endpoints and configurable TLS bypass |
| **Memory/Buffer Safety** | MEDIUM | 99.93% safe string ops, but network-facing allocation bounds missing |

---

## 19. Appendix: Audit Methodology

### Audit Agents

| # | Agent | Scope |
|---|-------|-------|
| 01 | supply-chain | Package managers, vendored libraries, pre-built binaries, git submodules |
| 02 | build-provenance | Compiler flags, build system, code signing, SBOM, provenance |
| 03 | network-endpoints | Hardcoded URLs, IPs, domains, ports in all source files |
| 04 | tls-security | Certificate verification, protocol versions, cipher suites, plaintext |
| 05 | credential-hardcode | API keys, passwords, tokens, secrets, private keys in source |
| 06 | file-io | File operations, temp files, permissions, data at rest, logging |
| 07 | buffer-safety | sprintf/strcpy/strcat, stack buffers, bounds checking, format strings |
| 08 | memory-safety | malloc/calloc/realloc/free, NULL checks, use-after-free, double-free, integer overflow |
| 09 | command-injection | system(), popen(), exec*(), shell interpolation, input validation |
| 10 | privilege-access | setuid/setgid, root requirements, capabilities, namespace isolation |
| 11 | windows-deployment | Windows binary compilation, Win32 APIs, network, file I/O, risk |
| 12 | telemetry-tracking | Phone-home behavior, data collection, opt-in/out, startup calls |
| 13 | install-script | Install scripts, update mechanism, distribution integrity, code signing |

### Scan Coverage

| Metric | Value |
|--------|-------|
| Total files in repository | 680 |
| C/H source files scanned | 497 |
| Non-vendor source files | ~120 |
| Lines of code (project) | 174,441 |
| Lines of code (vendor) | 230,018 |
| Allocation sites analyzed | ~504 |
| Free sites analyzed | ~1,370 |
| String operation sites | ~2,855 |
| File I/O call sites | ~500+ |
| Network endpoints cataloged | 50+ |

### Severity Classification

| Severity | Definition |
|----------|------------|
| **Critical** | Remotely exploitable with no authentication; immediate code execution or data breach |
| **High** | Exploitable with limited prerequisites; significant impact on confidentiality, integrity, or availability |
| **Medium** | Exploitable with specific conditions; moderate impact or requires local access |
| **Low** | Minor security weakness; informational or defense-in-depth improvement |
| **Info** | Positive security control noted, or purely informational observation |

### Tools & Techniques

- Static analysis via pattern matching (grep, ripgrep) across all source files
- Manual code review of all flagged patterns with false-positive elimination
- Configuration analysis of build system (CMake), embedded configs, and install scripts
- Network endpoint enumeration via URL/IP/domain regex extraction
- Binary inventory via CMake target analysis
- Live server header inspection (HSTS, TLS version)
- Differential analysis against previous audit (`output/2026-04-29_3ad7dfc`)

---

*This report was generated by the SCORPIOX CODE Security Audit Pipeline on 2026-04-29. Classification: CONFIDENTIAL — For Corporate Review Only.*
