Third-Party Software Security Review — SCORPIOX CODE
| Field | Value |
|---|
| Software | SCORPIOX CODE |
| Type | AI-Powered Development Tool / CLI Platform |
| Language | Pure C (zero external dependencies) |
| Audit Date | 2026-04-29 |
| Codebase Commit | ca3fe9b31756f623e212b011debc7c6d119388f3 |
| Classification | CONFIDENTIAL — For Corporate Review Only |
1. Executive Summary
This report presents a comprehensive security audit of SCORPIOX CODE, an AI-powered development tool and CLI platform written in pure C with zero external runtime dependencies. The codebase spans 403,876 lines of code (173,858 first-party, 230,018 vendored) across approximately 149 non-vendor source files. Thirteen specialized audit agents analyzed the software across all major security domains.
Key Findings
| Severity | Count |
|---|
| Critical | 0 |
| High | 7 |
| Medium | 28 |
| Low | 37 |
| Info | 135 |
| Total | 207 |
Overall Risk Rating: LOW-MEDIUM
The software demonstrates mature security engineering practices across the majority of its codebase:
- Zero critical vulnerabilities were identified across all 13 audit domains.
- Buffer safety discipline is exceptional — 99.95% of 2,900+ string operations use bounds-checked functions (
snprintf, strncpy). No uses of strcpy, strcat, or gets were found.
- Memory safety is strong — 92%+ of 454 allocation sites have proper NULL checks. All
realloc patterns use safe temporary variables. The project's sx_strdup() wrapper aborts on OOM.
- Supply chain is clean — only 2 vendored C libraries (Mbed TLS 3.6.6, yyjson 0.12.0), both well-maintained and properly licensed. No pre-built binaries ship in the repository.
- All telemetry is disabled by default — no network calls at startup, no mandatory data collection. Both tracking subsystems (
USAGE_TRACKING, EMIT_SESSION_TRACKING) default to off.
- TLS defaults are strong — certificate verification is enabled by default with centralized configuration across all 9 curl callsites.
The 7 high-severity findings are concentrated in two areas:
Install script integrity (3 findings): Install scripts download archives without checksum verification, get.scorpiox.net accepts HTTP without redirect, and no code signing exists.
Command injection on Windows (2 findings): The HTTP server's Windows CGI path and git deploy handler use shell interpolation with incomplete sanitization.
Memory safety (1 finding): A fragile use-after-free contract in the provider vtable cleanup pattern.
Privilege isolation (1 finding): The --privileged container flag bypasses user namespace isolation.
For Windows workstation deployment (the primary corporate use case), the risk profile is LOW — the most concerning findings (install script integrity, Windows CGI injection) are either mitigable through network controls or limited to server-mode operation not typical of developer workstation use.
2. Deployment Scope
Windows Workstation (Primary Deployment Target)
The following binaries compile and deploy on Windows:
| Binary | Purpose |
|---|
sx.exe | Main AI-powered TUI — primary developer interface |
scorpiox.exe | Alias/launcher for sx |
scorpiox-bash.exe | Shell command execution tool for AI agent |
scorpiox-busybox.exe | Unix tool manager (MSYS2/BusyBox coreutils) |
scorpiox-screenshot.exe | Screen capture via Win32 GDI |
scorpiox-vi.exe | Built-in text editor |
scorpiox-config.exe | Configuration TUI editor |
scorpiox-websearch.exe | Web search tool |
scorpiox-fetch.exe | URL content fetcher (headless browser) |
scorpiox-renderimage.exe | Image rendering/display |
scorpiox-pwsh.exe | PowerShell execution wrapper |
scorpiox-wsl.exe | WSL2 distribution manager (Windows-only) |
Additional Windows-compiled binaries (43 total): scorpiox-agent, scorpiox-askuserquestion, scorpiox-beam, scorpiox-claudecode-fetchtoken, scorpiox-claudecode-models, scorpiox-claudecode-refreshtoken, scorpiox-codex-fetchtoken, scorpiox-codex-refreshtoken, scorpiox-conv, scorpiox-debug, scorpiox-dns, scorpiox-email, scorpiox-emit-session, scorpiox-frp, scorpiox-gemini, scorpiox-gemini-fetchtoken, scorpiox-hook, scorpiox-host, scorpiox-kql, scorpiox-logger, scorpiox-mcp, scorpiox-mirror-git, scorpiox-multiplexer, scorpiox-openai, scorpiox-otp, scorpiox-planmode, scorpiox-printlogs, scorpiox-rewind, scorpiox-sdk, scorpiox-search, scorpiox-server, scorpiox-server-email, scorpiox-server-fetchtoken, scorpiox-server-http2tcp, scorpiox-skills, scorpiox-systemprompt, scorpiox-tasks, scorpiox-tmux, scorpiox-transcript, scorpiox-usage, scorpiox-vault-git, scorpiox-voice.
Linux-Only Binaries (Not Deployed on Windows)
| Binary | Reason |
|---|
scorpiox-unshare | Linux namespaces / container runtime (CLONE_NEWNS, pivot_root) |
scorpiox-vm | KVM-based virtual machine (Linux ioctls) |
scorpiox-init | Container init process (PID 1 in namespaces) |
scorpiox-sshpass | SSH password automation (Unix PTY) |
scorpiox-traffic | Network traffic capture proxy (Unix-only) |
scorpiox-podman | Podman container integration |
scorpiox-cron | Cron-style scheduler |
scorpiox-docs | Documentation generator |
scorpiox-runtest | Test runner |
scorpiox-executecurl | Curl execution wrapper |
scorpiox-whatsapp | WhatsApp bridge (fork/pipe/select) |
scorpiox-thunderbolt4 | Thunderbolt 4 file transfer (raw BPF sockets) |
scorpiox-imessage | iMessage integration (macOS/Linux) |
Windows-Filtered Findings
When excluding findings that apply only to Linux-only components:
| Severity | All Platforms | Windows-Relevant |
|---|
| Critical | 0 | 0 |
| High | 7 | 6 |
| Medium | 28 | 23 |
| Low | 37 | 30 |
| Info | 135 | 133 |
| Total | 207 | 192 |
The reduction is primarily from Linux-specific findings in privilege management (container --privileged flag, thunderbolt4 root requirement, KVM access), file I/O (O_CLOEXEC, PID file TOCTOU), and command injection (Linux-only tool paths).
3. Changes Since Last Audit
| Field | Previous Audit | Current Audit | Delta |
|---|
| Audit Folder | output/2026-04-29_3ad7dfc | output/2026-04-29_ca3fe9b | — |
| Commit | 3ad7dfc | ca3fe9b | +21,111 LOC project code |
| Lines of Code (Total) | 381,273 | 403,876 | +22,603 |
| Lines of Code (Project) | 152,747 | 173,858 | +21,111 |
| Lines of Code (Vendor) | 228,526 | 230,018 | +1,492 |
Findings Delta by Severity
| Severity | Previous | Current | Change |
|---|
| Critical | 2 | 0 | −2 ✅ |
| High | 18 | 7 | −11 ✅ |
| Medium | 100 | 28 | −72 ✅ |
| Low | 60 | 37 | −23 ✅ |
| Info | 87 | 135 | +48 |
| Total | 286 | 207 | −79 ✅ |
Windows Findings Delta
| Severity | Previous | Current | Change |
|---|
| Critical | 1 | 0 | −1 ✅ |
| High | 5 | 6 | +1 |
| Medium | 42 | 23 | −19 ✅ |
| Low | 28 | 30 | +2 |
| Total (excl info) | 76 | 59 | −17 ✅ |
Summary: Significant improvement across all actionable severity levels. Critical findings dropped from 2 to 0, high findings reduced by 61%, and medium findings reduced by 72%. The increase in informational findings reflects more thorough enumeration of network endpoints and positive security controls (not security defects). The codebase grew by 21,111 lines of project code with a net
decrease in vulnerability count — indicating improved code quality practices.
4. Supply Chain & Dependencies
Agent Risk Rating: LOW
The project has a minimal and well-controlled supply chain:
| Component | Type | Version | License |
|---|
| Mbed TLS | Vendored C library | 3.6.6 (LTS) | Apache-2.0 / GPL-2.0+ |
| yyjson | Vendored C library (single-file) | 0.12.0 | MIT |
| MSYS2 GNU tools | Download script (Windows dev) | Various | GPL |
| Bun/npm | Bridge component only | lockfile-pinned | Various |
Key Positives:
- No
FetchContent, ExternalProject, or runtime dependency downloads in the CMake build
- No pre-built binaries in the repository — everything builds from source
- Alpine Docker base image is SHA256 digest-pinned
- Curl source download in ARM64 Dockerfile is integrity-verified
- npm/Bun dependencies are lockfile-pinned with integrity hashes
Findings:
| ID | Severity | Finding |
|---|
| M1 | Medium | gnuwin64/download.ps1 downloads MSYS2 packages without SHA256 checksum verification |
| M2 | Medium | Dockerfile.linux-arm64 uses ubuntu:22.04 without digest pin |
| L1 | Low | release_whatsapp.ps1 installs Bun via curl\ | bash without verification |
| L2 | Low | pip3 install requests without version pinning in ARM64 Dockerfile |
5. Build System & Code Provenance
Agent Risk Rating: LOW
The project uses a two-tier CMake build system (C11) with comprehensive security hardening:
| Security Flag | Status |
|---|
-Wall -Wextra | ✅ Full warnings |
-fstack-protector-strong | ✅ Stack canaries |
-D_FORTIFY_SOURCE=2 | ✅ Release mode |
-fcf-protection | ✅ GCC control-flow enforcement |
-Wl,-z,noexecstack | ✅ Non-executable stack |
-Wl,-z,relro,-z,now | ✅ Full RELRO |
-fPIE / -pie | ❌ Incompatible with static linking (expected) |
Build provenance is maintained via build-info.json files with commit hash, branch, date, and platform. Model header code generation (generate_models) is frozen by default (MODELS_FROZEN = True) and disabled in release builds.
Findings:
| ID | Severity | Finding |
|---|
| M1 | Medium | Bun runtime downloaded via curl\ | bash at build-time in WhatsApp release script |
| L1 | Low | Bridge Makefile missing linker hardening flags (RELRO, noexecstack) |
| L2 | Low | No reproducible build infrastructure (SOURCE_DATE_EPOCH not set) |
6. Network Endpoints
Agent Risk Rating: LOW
A total of 364 URL references were found (218 in vendored code, 146+ in project code). All external endpoints serve legitimate purposes:
| Category | Count | Examples |
|---|
| First-party infrastructure | 19 | dist.scorpiox.net, token.scorpiox.net, code.scorpiox.net |
| AI provider APIs | 15+ | Anthropic, OpenAI, Google Gemini, Codex endpoints |
| Search engines | 5+ | Google, Bing, DuckDuckGo, Brave, Kagi |
| Public DNS | 4 | 1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222 |
| Localhost bindings | 5+ | 127.0.0.1 (properly scoped) |
Findings:
| ID | Severity | Finding |
|---|
| M1 | Medium | DNS server defaults to 0.0.0.0 binding (standard but broad) |
| L1 | Low | Some endpoints configurable via env vars without validation |
| L2 | Low | WhatsApp bridge connects to Meta infrastructure (expected) |
7. TLS/SSL Security
Agent Risk Rating: MEDIUM
The codebase has a centralized TLS configuration (sx_tls.h) that ensures consistent certificate verification across all 9 curl callsites. Defaults are strong with verification enabled.
Findings:
| ID | Severity | Finding |
|---|
| FINDING-01 | Medium | TLS verification globally disableable via single SX_TLS_VERIFY config flag — affects all 9 curl callsites |
| FINDING-04 | Medium | Missing mbedtls_ssl_conf_min_tls_version in 2 of 3 mbedTLS contexts (sxmail_queue.c, sx_frp.c) |
| FINDING-03 | Low | Opportunistic TLS with VERIFY_OPTIONAL for MX mail delivery (industry standard per RFC 3207) |
| FINDING-06 | Low | Non-PFS cipher suite (RSA key exchange) enabled alongside PFS suites |
| FINDING-08 | Low | HTTP credential injection over plaintext localhost IPC |
Positive Controls:
- Defense-in-depth defaults:
SX_TLS_VERIFY defaults to true with warning when disabled
- Fail-closed relay TLS: aborts when CA bundles fail to load
- STARTTLS enforcement on port 587 submission
- SNI hostname properly set in all mbedTLS contexts
- All external API endpoints default to HTTPS
- IMAPS (port 993) for IMAP connections
8. Hardcoded Credentials
Agent Risk Rating: LOW
No actual secrets, API keys, or passwords are hardcoded in the codebase. All credential configuration fields use empty-string placeholders, deferring injection to runtime.
Findings:
| ID | Severity | Finding |
|---|
| MEDIUM-01 | Medium | Default SSH username "root" hardcoded in embedded config (CLAUDE_CODE_SSH_USER) |
| MEDIUM-02 | Medium | Hardcoded private IP addresses (192.168.1.3, 192.168.1.6) in environment template |
| MEDIUM-03 | Medium | Hardcoded internal IP root@192.168.1.3 in release orchestration scripts |
| LOW-01 | Low | 15+ hardcoded internal service URLs compiled into binaries |
| LOW-02 | Low | Non-standard SSH port 22223 reveals infrastructure detail |
9. File I/O & Data Handling
Agent Risk Rating: LOW-MEDIUM
File I/O practices are generally strong:
- Exclusive use of
mkstemp()/mkdtemp() — zero uses of insecure tmpnam()/tempnam()
- Sensitive config files are
chmod 0600; directories are 0700
- API keys are redacted from traffic logs
- Atomic file writes via rename pattern in critical paths
Findings:
| ID | Severity | Finding |
|---|
| FIO-01 | Medium | Missing O_CLOEXEC on ~48 open() calls — FDs may leak to child processes |
| FIO-02 | Medium | PID file TOCTOU race condition (mitigated by socket bind) |
| FIO-03 | Medium | Gemini API key passed in URL query parameters — risk of exposure via intermediaries |
| FIO-04 | Low | Container device mount targets created 0666 |
| FIO-05 | Low | SMTP relay password not zeroed from memory after use |
| FIO-06 | Low | Release scripts pass passwords via command-line arguments |
| FIO-07 | Low | DNS audit log and hook log files world-readable (0644) |
10. Buffer Safety
Agent Risk Rating: LOW
Buffer safety discipline is exceptional across the codebase:
| Metric | Value |
|---|
snprintf usage | 2,252 calls |
strncpy usage | 601 calls |
Unsafe sprintf (real) | 1 (provably safe — bounded hex conversion) |
Unsafe strcpy / strcat / gets | 0 |
| Format string vulnerabilities | 0 |
Unbounded scanf | 0 |
| Safety ratio | >99.95% |
Findings:
| ID | Severity | Finding |
|---|
| MEDIUM-01 | Medium | snprintf return value accumulation without clamping in IMAP FETCH response builder — potential OOB write on truncation |
| MEDIUM-02 | Medium | Same pattern in RFC822 email message builder (scorpiox-email.c) — heap buffer overflow writing CRLF terminator |
| MEDIUM-03 | Medium | Same pattern in IMAP SEARCH response builder |
| LOW-01 | Low | 234 large stack buffers (≥4096 bytes) — stack exhaustion risk on deep recursion |
| LOW-02 | Low | Integer multiplication in malloc without overflow check |
| LOW-03 | Low | strncpy null-termination reliance patterns |
| LOW-04 | Low | Static 64KB buffers in WASM HTTP module |
11. Memory Safety
Agent Risk Rating: LOW
Memory management is well-disciplined:
| Metric | Value |
|---|
| Total allocation sites | ~454 |
| Sites with NULL check | ~419 (92%+) |
| Unsafe realloc patterns | 0 |
| Confirmed double-free | 0 |
strdup calls (via sx_strdup) | 402 (all abort-on-OOM) |
Findings:
| ID | Severity | Finding |
|---|
| FINDING-01 | High | Use-after-free risk in sx_provider_free() — vtable free() call followed by p->data = NULL write. Currently safe (all existing providers only free sub-resources), but fragile undocumented contract that breaks if any future provider frees p itself |
| FINDING-02 | Medium | Missing NULL checks in scorpiox-thunderbolt4.c buffer allocations — memory leak on OOM in error path |
| FINDING-04 | Low | Missing NULL check on sx_term.c capture buffer |
| FINDING-05–07 | Low | Redundant dead-code NULL check patterns (cosmetic) |
12. Command Injection
Agent Risk Rating: MEDIUM
Most code paths use fork()+execvp() (argv-based, no shell) — the safe approach. Where system()/popen() is used, input validation is generally present (is_safe_shell_arg(), SX_SANITIZE_CMD, character whitelisting, single-quote escaping).
Findings:
| ID | Severity | CVSS | Finding |
|---|
| CJ-01 | High | 8.1 | Windows HTTP server CGI path builds cmd /C with HTTP request fields via SX_SANITIZE_CMD — strips rather than rejects dangerous chars; does not filter \t, \0, @ |
| CJ-09 | High | 7.5 | Git deploy handler in HTTP server single-quote-wraps paths but does not escape embedded single quotes |
| CJ-02 | Medium | 6.3 | Image file paths interpolated into ffmpeg/convert/ffprobe shell commands — filenames with metacharacters could escape double-quoting |
| CJ-03 | Medium | 5.3 | sx_tool_exists() passes unsanitized tool name to which via popen() |
| CJ-05 | Medium | 5.9 | Windows agent tool-wait path uses system() with incomplete is_safe_shell_arg() validation |
| CJ-06 | Medium | 5.6 | Windows SSH command in scorpiox-tmux.c uses system() with unsanitized hostname |
| CJ-08 | Medium | 5.4 | Windows sx_rmrf() uses system("rd /s /q ...") with path interpolation |
13. Privilege & Access Control
Agent Risk Rating: MEDIUM
No setuid/setgid bits are set on any binary. The container runtime (scorpiox-unshare) implements comprehensive Linux namespace isolation with pivot_root.
Findings:
| ID | Severity | Finding |
|---|
| H-1 | High | --privileged flag bypasses user namespace isolation in scorpiox-unshare (Linux-only, requires root) |
| M-1 | Medium | scorpiox-thunderbolt4 requires unconditional root — could use CAP_NET_RAW instead |
| M-2 | Medium | DNS server does not drop privileges after binding to port 53 |
| M-3 | Medium | sx_system_safe() passes commands through /bin/sh -c despite its name |
| L-1 | Low | Chroot paths in unshare container built via string formatting |
| L-2 | Low | Agent metacharacter filtering for is_safe_shell_arg() is incomplete |
| L-3 | Low | KVM VM requires /dev/kvm group membership |
Positive Controls:
- Container runtime implements
CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNET
- Filesystem isolation via
pivot_root() with old root unmounted
- Mount hardening:
MS_NOSUID | MS_NODEV | MS_NOEXEC on proc, sysfs, devpts
- IPC exclusively via pipes (minimal attack surface)
- No shared memory, Unix domain sockets, or message queues for IPC
14. Windows Deployment Analysis
Agent Risk Rating: LOW
The Windows deployment surface is clean and well-structured:
- 53 binaries compile on Windows; 13 are correctly excluded as Linux-only
- Platform-specific code is properly guarded with
#ifdef SX_WINDOWS / if(WIN32) CMake guards
- No registry access, service installation, UAC elevation, or DLL injection patterns found
- Standard Win32 API usage: WinINet,
CreateProcessA, GDI (screenshot), Winsock2, bcrypt
- Self-update mechanism (
scorpiox-wsl) verifies SHA256 checksums of downloaded binaries
- Uses
_spawnvp and CreateProcessA (safe) rather than system() for WSL invocation
| Observation | Detail |
|---|
| Self-update integrity | SHA256 verified via .sha256 sidecar file (falls through if unavailable) |
| Network surface | Server binaries bind to configurable addresses; none require elevation |
| Optional DLL | libsx.dll (C# P/Invoke) — standard export pattern, no elevated concerns |
15. Telemetry and Tracking
Agent Risk Rating: LOW
Verdict: No tracking by default.
| Config Key | Default | Meaning |
|---|
USAGE_TRACKING | "0" (off) | Token usage reporting |
EMIT_SESSION_TRACKING | "0" (off) | Session event telemetry |
WA_BRIDGE_AUTO_UPDATE | "on-demand" | WhatsApp bridge updates |
- No network calls at startup in the main
sx binary
- No mandatory data collection exists that cannot be disabled
- When tracking is explicitly enabled, data includes: session metadata, token counts, machine fingerprint (hostname, username, OS), and project context
EMIT_SESSION_TRACKING (when enabled) sends full conversation content — users should be aware of scope
For zero-tracking corporate deployment, no configuration changes are needed — defaults are already off.
Findings:
| ID | Severity | Finding |
|---|
| TEL-01 | Low | Usage tracking guard uses opt-out pattern (if value == "0") instead of opt-in (if value == "1") — NULL would bypass, mitigated by config always providing default "0" |
16. Install Script & Distribution Security
Agent Risk Rating: MEDIUM
The installation mechanism uses curl|bash / iwr|iex pattern. While internal components (scorpiox-wsl, libsxbridge) implement SHA256 verification, the user-facing install scripts do not.
Findings:
| ID | Severity | Finding |
|---|
| F-01 | High | Install scripts download archives without checksum verification — SHA256 sidecars exist but are not consumed |
| F-02 | High | get.scorpiox.net serves install scripts over HTTP without redirect to HTTPS |
| F-03 | High | No code signing or GPG signature verification on downloaded binaries |
| F-04 | Medium | Non-atomic installation — interrupted downloads leave partial state |
| F-05 | Medium | Embedded scorpiox-update mechanism has no checksum verification |
| F-06 | Medium | Linux installer writes to /usr/local/bin with sudo |
| F-07 | Medium | Windows updater .cmd wrapper bypasses PowerShell execution policy |
| F-08 | Low | No HSTS header on dist.scorpiox.net |
| F-09 | Low | No uninstall mechanism or documentation |
| F-10 | Low | macOS installer modifies shell rc files without backup |
| F-11 | Low | Branch-based distribution allows index.txt hijack to redirect to arbitrary branch |
Positive Controls:
- SHA256 checksums are generated and published alongside archives during release
- Per-commit build provenance (
build-info.json) is published
dist.scorpiox.net redirects HTTP→HTTPS (308 Permanent Redirect)
- C-level components implement SHA256 verification (WSL: open, Bridge: fail-closed)
17. Consolidated Risk Matrix
| # | Area | Finding | Severity | Status | Recommendation |
|---|
| 1 | Install Script | Archives downloaded without checksum verification | HIGH | Open | Consume existing .sha256 sidecar files in install scripts |
| 2 | Install Script | get.scorpiox.net serves over HTTP | HIGH | Open | Enforce HTTPS redirect on install script server |
| 3 | Install Script | No code signing on binaries | HIGH | Open | Implement GPG or Sigstore signing for release artifacts |
| 4 | Command Injection | Windows CGI cmd /C with incomplete sanitization | HIGH | Partial | Use CreateProcess() with environment block instead of cmd /C |
| 5 | Command Injection | Git deploy handler missing single-quote escaping | HIGH | Partial | Use fork()+execvp() with argv array |
| 6 | Memory Safety | Use-after-free risk in provider vtable cleanup | HIGH | Latent | Document invariant or restructure to set p->data = NULL before vtable->free() |
| 7 | Privilege Access | --privileged bypasses namespace isolation | HIGH | By Design | Add explicit documentation and --yes-i-know confirmation |
| 8 | TLS Security | Global TLS verification toggle affects all endpoints | Medium | Mitigated | Make per-module or add persistent visual warning |
| 9 | TLS Security | Missing minimum TLS version in 2 of 3 mbedTLS contexts | Medium | Open | Add mbedtls_ssl_conf_min_tls_version(TLS1_2) to all contexts |
| 10 | Credential Hardcode | Default SSH user "root" in embedded config | Medium | Open | Change default to non-privileged service account |
| 11 | Credential Hardcode | Hardcoded private IPs in environment template | Medium | Open | Replace with placeholder values |
| 12 | Credential Hardcode | Hardcoded internal IP in release scripts | Medium | Open | Use configurable $BUILD_HOST variable |
| 13 | File I/O | Missing O_CLOEXEC on ~48 file descriptors | Medium | Open | Add O_CLOEXEC to all open() calls |
| 14 | File I/O | Gemini API key in URL query parameters | Medium | Open | Move to request header or POST body |
| 15 | File I/O | PID file TOCTOU race condition | Medium | Mitigated | Socket bind provides secondary protection |
| 16 | Buffer Safety | snprintf return value accumulation (3 sites) | Medium | Open | Clamp rl after each snprintf to prevent unsigned underflow |
| 17 | Command Injection | Image path injection via ffmpeg/convert shell commands | Medium | Open | Use fork()+execvp() with discrete argv arguments |
| 18 | Command Injection | sx_tool_exists() unsanitized tool name in popen() | Medium | Open | Use fork()+execvp() for which lookup |
| 19 | Command Injection | Windows agent tool-wait via system() | Medium | Partial | Migrate to CreateProcess() with argv |
| 20 | Command Injection | Windows SSH command via system() | Medium | Open | Use CreateProcess() or _spawnvp() |
| 21 | Command Injection | Windows sx_rmrf() via system("rd /s /q") | Medium | Open | Use RemoveDirectoryW() Win32 API |
| 22 | Privilege Access | DNS server doesn't drop privileges after port 53 bind | Medium | Open | Implement setuid(nobody) after bind |
| 23 | Privilege Access | sx_system_safe() misleading name — uses /bin/sh -c | Medium | Open | Rename or refactor to use execvp() |
| 24 | Privilege Access | Thunderbolt4 requires full root (could use CAP_NET_RAW) | Medium | Open | Support Linux capabilities as alternative |
| 25 | Install Script | Non-atomic installation | Medium | Open | Implement staging directory + atomic rename |
| 26 | Install Script | scorpiox-update lacks checksum verification | Medium | Open | Port verify_sha256 from C code to update scripts |
| 27 | Install Script | Linux installer uses sudo for /usr/local/bin | Medium | Open | Offer user-local install option (~/.local/bin) |
| 28 | Install Script | Windows .cmd wrapper bypasses execution policy | Medium | Open | Document security implication; offer signed script alternative |
| 29 | Supply Chain | MSYS2 downloads without integrity verification | Medium | Open | Add SHA256 checksum verification to download.ps1 |
| 30 | Supply Chain | Unpinned Docker base image (ubuntu:22.04) | Medium | Open | Pin to specific SHA256 digest |
| 31 | Build Provenance | Bun runtime via curl\ | bash in release script | Medium | Open | Pin Bun version and verify install script hash |
| 32 | Network Endpoints | DNS server default 0.0.0.0 binding | Medium | Open | Document and/or default to 127.0.0.1 |
| 33 | Memory Safety | Thunderbolt4 buffer allocation leak on OOM | Medium | Open | Free all buffers individually in error path |
18. Conclusion & Recommendations
Overall Assessment
SCORPIOX CODE demonstrates a mature security posture for a large C codebase. The software exhibits:
- Architectural security awareness: centralized TLS configuration,
fork()+execvp() preference over system(), abort-on-OOM wrappers, mkstemp() for all temp files, comprehensive namespace isolation in the container runtime
- Zero critical vulnerabilities across 13 audit domains and 403,876 lines of code
- Significant improvement over the previous audit: critical findings eliminated (2→0), high findings reduced by 61%, medium findings reduced by 72%
- Privacy-respecting defaults: all telemetry disabled by default, no startup network activity
Priority Recommendations
Immediate (High Priority):
Implement checksum verification in install scripts — the infrastructure already generates SHA256 sidecars; install scripts need to consume them
Enforce HTTPS on get.scorpiox.net — add HTTP→HTTPS redirect for the install script server
Migrate Windows cmd /C CGI path to CreateProcess() — eliminate shell interpolation for HTTP-received inputs
Document the provider vtable memory contract — add explicit comment that vtable->free() must not free the provider struct itself, or restructure the cleanup order
Short-Term (Medium Priority):
Add O_CLOEXEC to all open() calls across the codebase
Clamp snprintf return values in accumulation patterns (IMAP, email builders)
Migrate remaining popen()/system() calls on Windows to CreateProcess() with argv arrays
Add mbedtls_ssl_conf_min_tls_version() to all mbedTLS contexts
Replace hardcoded internal IPs with configurable variables
Implement code signing for release artifacts (Sigstore/GPG)
Long-Term (Hardening):
Implement atomic installation with staging directory
Add privilege dropping after binding privileged ports
Consider DANE/TLSA or MTA-STS for outbound mail TLS
Add per-module TLS verification controls instead of global toggle
Provide uninstall mechanism across all platforms
Windows Workstation Risk Rating
For the primary deployment scenario of Windows developer workstations using the CLI tools (not running server components):
Risk: LOW — The software is safe for Windows workstation deployment. The highest-risk findings (install script integrity, Windows CGI injection) are mitigated by:
- Corporate deployment can distribute binaries via internal package management, bypassing the install script entirely
- CGI/server functionality is not part of typical developer workstation use
- No registry modification, UAC elevation, or service installation patterns
- All telemetry disabled by default
- Self-update mechanism (WSL helper) implements SHA256 verification
19. Appendix: Audit Methodology
Audit Agents
| # | Agent | Scope |
|---|
| 01 | supply-chain | Package managers, vendored libraries, pre-built binaries, Docker base images |
| 02 | build-provenance | CMake configuration, compiler flags, security hardening, linking, release scripts |
| 03 | network-endpoints | Hardcoded URLs, IP addresses, domain names, ports, binding behavior |
| 04 | tls-security | Certificate verification, TLS versions, cipher suites, plaintext protocols |
| 05 | credential-hardcode | API keys, passwords, tokens, secrets, infrastructure details in source |
| 06 | file-io | Temp files, directory permissions, data at rest, logging, path traversal |
| 07 | buffer-safety | String operations, snprintf/sprintf, format strings, scanf, stack buffers |
| 08 | memory-safety | malloc NULL checks, use-after-free, double-free, realloc patterns, leaks |
| 09 | command-injection | system(), popen(), exec*() calls, shell interpolation, input sanitization |
| 10 | privilege-access | setuid/setgid, root requirements, namespace isolation, process spawning, IPC |
| 11 | windows-deployment | Windows binary compilation, Win32 API usage, network surface, self-update |
| 12 | telemetry-tracking | Data collection inventory, opt-in/opt-out behavior, startup network activity |
| 13 | install-script | Install scripts, update mechanism, distribution integrity, release pipeline |
Tools & Techniques
- Static analysis via
grep, awk, and pattern matching across all non-vendor source files
- Manual code review of all flagged patterns with context analysis
- CWE classification for all confirmed findings
- CVSS scoring for command injection findings
- Cross-reference between audit domains (e.g., TLS findings validated against network endpoint inventory)
- Comparison against industry best practices (Homebrew, rustup, nvm for install scripts)
Scope Exclusions
- Vendored library internals (Mbed TLS, yyjson) — assessed at version/CVE level only
- Runtime behavior / dynamic analysis — this is a static source code audit
- Third-party API security (Anthropic, OpenAI, Google) — out of scope
- Infrastructure security of distribution servers — limited to observable behavior
Report generated by automated security audit pipeline — 13 agents, unified analysis
Classification: CONFIDENTIAL — For Corporate Review Only