📄 security-audit-report.md
⬇ Download Raw

Third-Party Software Security Review — SCORPIOX CODE

FieldValue
SoftwareSCORPIOX CODE
TypeAI-Powered Development Tool / CLI Platform
LanguagePure C (zero external dependencies)
Audit Date2026-04-30
Codebase Commit6851bc0655990614ff2594c5c605234f6f07286b
ClassificationCONFIDENTIAL — For Corporate Review Only

1. Executive Summary

This report presents the findings of a comprehensive, multi-agent security audit of SCORPIOX CODE, an AI-powered development tool and CLI platform written in pure C. The audit encompassed 14 specialist assessments covering supply chain integrity, build provenance, network security, TLS configuration, credential management, file I/O safety, buffer and memory safety, command injection vectors, privilege and access control, Windows deployment, telemetry practices, install script security, and the WPF desktop launcher.

Key Metrics

MetricValue
Total Findings225
Critical2
High6
Medium38
Low55
Informational124
Overall Risk RatingLOW-MEDIUM
Lines of Code (Project)147,742
Lines of Code (Vendor)228,140
Lines of Code (Total)405,182
Audit Agents Deployed14

Summary of Findings

The codebase demonstrates a mature security posture for a pure-C project of this scale. Highlights include:

The two critical findings relate to: (1) a hardcoded public IP address for a TCP relay server, and (2) a --privileged container mode that bypasses namespace isolation with insufficient access controls. Both are in Linux-only code paths and do not affect the Windows deployment scope.

For Windows workstation deployment, the effective risk is LOW — the 2 critical and 4 of 6 high-severity findings are in Linux-only binaries (scorpiox-unshare, scorpiox-traffic) that do not compile or ship on Windows.

2. Deployment Scope

2.1 Windows Workstation (Primary Deployment Target)

The following binaries compile and ship on Windows:

BinaryPurpose
sx.exe / scorpiox.exePrimary TUI — AI chat interface
scorpiox-bash.exeBash-compatible shell (bundled)
scorpiox-busybox.exeUnix tool manager for Windows
scorpiox-screenshot.exeScreen capture utility
scorpiox-vi.exeText editor
scorpiox-config.exeConfiguration management
scorpiox-websearch.exeWeb search tool
scorpiox-fetch.exeURL content fetcher
scorpiox-renderimage.exeImage renderer
scorpiox-pwsh.exePowerShell API bridge
scorpiox-wsl.exeWSL2 distro manager (Windows-only)
scorpiox-tmux.exeSession multiplexer
scorpiox-voice.exeVoice recording / transcription
scorpiox-gemini.exeGemini API proxy
scorpiox-openai.exeOpenAI API proxy
scorpiox-host.exeLocal API server
scorpiox-mcp.exeMCP protocol handler
scorpiox-agent.exeAgent orchestrator
scorpiox-beam.exeFile transfer
scorpiox-sdk.exeSDK host server
scorpiox-email.exeEmail client
scorpiox-frp.exeFast reverse proxy client
scorpiox-hook.exeGit hook manager
scorpiox-vault-git.exeGit vault manager
scorpiox-mirror-git.exeGit mirror manager
scorpiox-dns.exeDNS resolver
scorpiox-kql.exeKQL query tool
scorpioxcode.exeWPF desktop launcher (.NET)

2.2 Linux-Only Binaries (Not Deployed on Windows)

BinaryPurpose
scorpiox-unshareRootless container runtime
scorpiox-vmKVM virtual machine runner
scorpiox-initContainer init process
scorpiox-sshpassSSH password wrapper
scorpiox-trafficNetwork traffic capture proxy
scorpiox-podmanPodman container wrapper
scorpiox-docsDocumentation server
scorpiox-runtestTest runner
scorpiox-executecurlCurl executor
scorpiox-cronCron scheduler
scorpiox-whatsappWhatsApp bridge

2.3 Windows-Filtered Findings

SeverityAll PlatformsWindows-OnlyReduction
Critical20−2
High62−4
Medium3825−13
Low5540−15
Total (excl. Info)10167−34 (34% reduction)
Windows-specific risk rating: LOW

3. Changes Since Last Audit

The previous audit was conducted on 2026-04-30 against commit 60a9c05.

SeverityPrevious (60a9c05)Current (6851bc0)Delta
Critical220
High86−2
Medium3738+1
Low5355+2
Info109124+15
Total209225+16
Key Changes:

4. Supply Chain & Dependencies

Agent: supply-chain | Risk: LOW | Findings: 0C / 0H / 0M / 3L / 5I

The project maintains a minimal supply chain footprint:

- Mbed TLS 3.6.6 — Latest LTS release (2026-03-31), all 11 security advisories addressed. Apache-2.0/GPL-2.0+ dual license. 208,584 lines.

- yyjson 0.12.0 — Current release (2025-10-25), no known CVEs. MIT license. 19,556 lines.


5. Build System & Code Provenance

Agent: build-provenance | Risk: LOW | Findings: 0C / 0H / 0M / 3L / 5I

Build Security Hardening

Compiler/Linker FlagStatus
-Wall -Wextra✅ Enabled
-fstack-protector-strong✅ Enabled
-D_FORTIFY_SOURCE=2✅ Release builds
-fcf-protection✅ GCC (Control-Flow Enforcement)
-Wl,-z,relro,-z,now✅ Full RELRO
-Wl,-z,noexecstack✅ Non-executable stack
-O2✅ Release optimization
-fPIE / -pie❌ Not set (static builds)
-Wformat-security❌ Not explicitly set

Notable Gaps


6. Network Endpoints

Agent: network-endpoints | Risk: MEDIUM | Findings: 1C / 3H / 18M / 16L / 55I

The codebase contains 79 unique hardcoded network endpoints across 38 source files:

Critical / High Findings

IDSeverityFinding
NET-01CRITICALHardcoded public IP 20.53.240.54 as TCP_HOST default — embeds infrastructure topology in binary
NET-02HIGHPlaintext HTTP on http://localhost:8080 for scorpiox-host API (localhost-only, but no TLS)
NET-03HIGHPlaintext HTTP for FRP admin panel (http://127.0.0.1:7400)
NET-04HIGHPlaintext HTTP for Chrome DevTools Protocol WebSocket (ws://127.0.0.1:PORT)

External API Endpoints (Medium)

6 external AI provider API endpoints are hardcoded as defaults but are configurable:

All external endpoints use HTTPS. Internal infrastructure endpoints use first-party domains with HTTPS.

Localhost Services

Multiple localhost-bound services (scorpiox-host, scorpiox-pwsh, scorpiox-sdk, fetchtoken services) bind to 127.0.0.1 only, using INADDR_LOOPBACK — correct isolation for local API servers.


7. TLS/SSL Security

Agent: tls-security | Risk: MEDIUM | Findings: 0C / 1H / 3M / 3L / 0I

Positive Architecture

Findings

IDSeverityFindingWindows Impact
TLS-01HIGHSX_TLS_VERIFY config can globally disable certificate verification for all HTTPS connections✅ Affects Windows
TLS-02MEDIUMTraffic proxy disables TLS verification in child processes (NODE_TLS_REJECT_UNAUTHORIZED=0)❌ Linux only
TLS-03MEDIUMSMTP server offers AUTH PLAIN over plaintext on port 25❌ Server-side
TLS-04MEDIUMOpportunistic TLS for outbound MX delivery with optional cert verification❌ Server-side
TLS-05LOWWebSocket-to-TCP bridge (ws2tcp) has no TLS support❌ Linux only
TLS-06LOWToken fetch uses plaintext TCP to 20.53.240.54:9800 (pre-TLS bootstrap)✅ Affects Windows
TLS-07LOWSTARTTLS for inbound SMTP — correct but noted for completeness❌ Server-side

8. Hardcoded Credentials

Agent: credential-hardcode | Risk: LOW | Findings: 0C / 0H / 0M / 2L / 4I No actual secrets are hardcoded. All API key and token fields are defined as empty strings with runtime population via environment variables, configuration files, or remote token fetching.
IDSeverityFinding
CRED-01LOWHardcoded TCP server IP (20.53.240.54) in embedded config — infrastructure endpoint, not a credential
CRED-02LOWInternal network IPs and usernames in build scripts (192.168.x.x, Administrator, root) — passwords correctly use env vars
CRED-03INFOProxy/registry domain names in embedded config — URL endpoints, not secrets
CRED-04INFOAll API key fields properly empty (ANTHROPIC_API_KEY="", OPENAI_API_KEY="", etc.)
CRED-05INFOToken fetch endpoints defined but require remote authentication
CRED-06INFOGit credential helpers use system keychain integration

9. File I/O & Data Handling

Agent: file-io | Risk: LOW | Findings: 0C / 0H / 3M / 7L / 12I

Strengths

Key Findings

IDSeverityFindingWindows Impact
FIO-05MEDIUMAPI request/response bodies written to traffic logs without cleanup policy❌ Linux only
FIO-06MEDIUMPredictable /tmp/scorpiox-* paths (potential symlink attacks in multi-user)❌ Linux only
FIO-07MEDIUMSession files in ~/.scorpiox/sessions/ contain full conversation data at rest✅ Windows
FIO-02LOW34 /dev/null open() calls without O_CLOEXEC (pre-exec, negligible risk)❌ Linux only
FIO-08–11LOWConfig file permissions world-readable, log files lack rotation, symlink follow in file opsMixed

10. Buffer Safety

Agent: buffer-safety | Risk: LOW | Findings: 0C / 0H / 1M / 2L / 4I

Exceptional Results

MetricValue
snprintf calls2,234
strncpy calls601
strncat calls14
sprintf calls (project)1 (safe in context)
strcpy / strcat / gets / scanf0
Safe:Unsafe ratio2,849:1

Findings

IDSeverityFindingWindows Impact
BUF-01MEDIUMUnvalidated network-controlled malloc size in tb4_test.c — test utility, not production❌ Test code
BUF-02LOWSingle sprintf in scorpiox-vm.c (safe — fixed-size hex encoding)❌ Linux only
BUF-03LOWVendor sprintf fallback in yyjson (pre-C99 only)N/A
BUF-04INFO221 large stack buffers (≥4096 bytes) — all bounded-write verified✅ Mixed

11. Memory Safety

Agent: memory-safety | Risk: LOW | Findings: 0C / 0H / 0M / 2L / 5I

Complete Coverage

MetricValue
malloc() call sites298 — 100% NULL-checked
calloc() call sites99 — 100% NULL-checked
realloc() call sites111 — 100% safe-pattern
free() call sites1,430
strdup()/sx_strdup()427 — OOM-safe wrapper

Findings

IDSeverityFinding
MEM-01LOWPotential memory leak on error paths in 2 parsing functions (non-critical paths)
MEM-02LOWsx_strdup() abort-on-OOM prevents graceful degradation in low-memory scenarios

12. Command Injection

Agent: command-injection | Risk: LOW | Findings: 0C / 0H / 3M / 2L / 1I

The codebase shows a mature, security-conscious approach to command execution:

Findings

IDSeverityFindingWindows Impact
CJ-01INFOShell escape (! prefix) — intentional user command execution, by design✅ Both
CJ-02MEDIUMSlash command script execution with unsanitized cmd_args in shell string✅ Windows
CJ-03MEDIUMWindows system() calls with config-derived values in scorpiox-tmux.c✅ Windows
CJ-04MEDIUMPowerShell execution via _spawnlp with user-provided script paths✅ Windows
CJ-05LOWpopen() usage in Windows codepaths for subprocess output capture✅ Windows
CJ-06LOWsx_system_safe() on Windows uses system() (CreateProcess would be safer)✅ Windows

13. Privilege & Access Control

Agent: privilege-access | Risk: MEDIUM | Findings: 1C / 2H / 4M / 4L / 5I

Critical / High Findings

IDSeverityFindingWindows Impact
C-01CRITICAL--privileged container mode bypasses user namespace isolation — grants full host root❌ Linux only
H-01HIGHSeccomp filter only blocks 2 syscalls (industry standard: 40+)❌ Linux only
H-02HIGHOnly CAP_IPC_LOCK dropped from capability bounding set❌ Linux only

Medium Findings

IDSeverityFindingWindows Impact
M-01MEDIUMWSL execution runs as root user inside container✅ Windows (WSL)
M-02MEDIUMKVM device access requires /dev/kvm permissions❌ Linux only
M-03MEDIUMscorpiox-thunderbolt4 requires real root (getuid() == 0)❌ Linux only
M-04MEDIUMFork-bomb potential in recursive agent spawning✅ Both
Windows Impact: Only 2 of 16 privilege findings (M-01, M-04) apply to Windows deployments. The critical and both high findings are Linux container runtime code that does not compile on Windows.

14. Windows Deployment Analysis

Agent: windows-deployment | Risk: LOW | Findings: 0C / 0H / 0M / 0L / 7I

This agent performed a comprehensive analysis of all 51 binaries that compile on Windows (2 Windows-only + 49 cross-platform). Key findings:

All 7 findings are informational, documenting architecture and confirming secure defaults.


15. Telemetry and Tracking

Agent: telemetry-tracking | Risk: LOW | Findings: 0C / 0H / 0M / 2L / 6I

Key Conclusion: No Tracking By Default

FeatureDefaultData Collected
Usage Tracking (USAGE_TRACKING)OFF (0)Token counts, model name, hostname, username, project name — no conversation content
Session Telemetry (EMIT_SESSION_TRACKING)OFF (0)Full conversation messages (user, assistant, tool calls, thinking)
Auto-UpdateOn-demand onlyNo background update checks
HooksLocal scripts onlyNo network activity

When Enabled (Opt-In)

Findings

IDSeverityFinding
TEL-01LOWHostname and username included in usage telemetry when enabled — PII exposure
TEL-02LOWSession telemetry includes full conversation content when enabled — significant privacy risk if opted in

16. Install Script & Distribution Security

Agent: install-script | Risk: LOW-MEDIUM | Findings: 0C / 0H / 3M / 6L / 11I

Distribution Architecture

PlatformInstall MethodLocationAdmin Required
Linuxcurl \bash/usr/local/binsudo
macOScurl \bash~/.scorpioxNo
Windowsiwr \iex (PowerShell)$env:LOCALAPPDATA\scorpioxNo

Security Strengths

Key Findings

IDSeverityFindingWindows Impact
INST-01MEDIUMNo cryptographic code signing (GPG, cosign, Authenticode) on any release artifacts✅ Windows
INST-02MEDIUMSHA256 checksums served from same origin as archives (TOFU model)✅ Both
INST-03MEDIUM--no-verify flag allows bypassing SHA256 verification (Linux/macOS only)❌ Linux/macOS
INST-04LOWNo atomic install — interrupted download can leave partial state✅ Both
INST-05LOWNo cleanup trap on signal interruption❌ Linux/macOS
INST-06LOWWindows update wrapper uses -ExecutionPolicy Bypass✅ Windows
INST-07LOWNo build reproducibility — builds on private infrastructure✅ Both
INST-08LOWmacOS installer modifies shell configs without backup❌ macOS
INST-09LOWindex.txt branch selector is unauthenticated✅ Both

17. Consolidated Risk Matrix

#AreaFindingSeverityWindowsRecommendation
1NetworkHardcoded public IP 20.53.240.54 as TCP relay defaultCRITICALReplace with DNS hostname; allow config override
2Privilege--privileged container mode bypasses namespace isolationCRITICALAdd confirmation gate, audit logging; remove from production builds
3PrivilegeSeccomp filter only blocks 2 of 40+ recommended syscallsHIGHExpand to match Docker default seccomp profile
4PrivilegeOnly CAP_IPC_LOCK dropped from capability bounding setHIGHDrop CAP_SYS_ADMIN, CAP_NET_RAW, CAP_SYS_PTRACE, etc.
5TLSGlobal TLS verification kill-switch (SX_TLS_VERIFY=0)HIGHRemove global override; use per-endpoint config or restrict to debug builds
6NetworkPlaintext HTTP for localhost API servicesHIGHAdd optional TLS for localhost services; document risk
7NetworkPlaintext HTTP for FRP admin panelHIGHAdd TLS support for admin interface
8NetworkPlaintext HTTP for Chrome DevTools ProtocolHIGHDocument as inherent CDP limitation
9NetworkExternal API endpoints hardcoded as defaultsMEDIUMAlready configurable; document override mechanism
10TLSTraffic proxy disables TLS verification in child processesMEDIUMRely on injected CA bundle; remove NODE_TLS_REJECT_UNAUTHORIZED=0
11TLSSMTP AUTH PLAIN offered over plaintext port 25MEDIUMRequire STARTTLS before AUTH on port 25
12TLSOpportunistic TLS for outbound MX deliveryMEDIUMDocument as standard MX behavior
13File I/OSession files contain full conversation data at restMEDIUMDocument data-at-rest policy; consider encryption
14File I/OTraffic logs contain API request/response bodiesMEDIUMAdd log rotation and cleanup policy
15File I/OPredictable /tmp/scorpiox-* pathsMEDIUMUse mkdtemp() for temp directories
16Cmd InjSlash command cmd_args unsanitized in shell stringMEDIUMUse execvp() with argv array; escape single quotes
17Cmd InjWindows system() with config-derived values in tmuxMEDIUMUse CreateProcess with argument array
18Cmd InjPowerShell execution via _spawnlp with user pathsMEDIUMValidate/sanitize script paths
19PrivilegeWSL runs as root inside containerMEDIUMCreate non-root user in WSL distros
20PrivilegeFork-bomb potential in recursive agent spawningMEDIUMAdd depth/count limits for agent recursion
21BufferUnvalidated network-controlled malloc size (test utility)MEDIUMAdd upper bound check
22InstallNo cryptographic code signing on releasesMEDIUMImplement Authenticode signing for Windows; GPG for Linux/macOS
23InstallSHA256 checksums from same origin (TOFU)MEDIUMPublish checksums via independent channel
24Install--no-verify bypasses checksum verificationMEDIUMRemove flag or add explicit risk acknowledgment
25WPFMissing HTTPS scheme in downloader fallbackMEDIUMEnforce HTTPS scheme validation
26WPFiwr \iex install pattern in downloaderMEDIUMUse direct HTTP download with verification
27WPFTelemetry data exposure via session eventsMEDIUMDocument data exposure; add consent UI
28Supplynpm @whiskeysockets/baileys semver range ^7.0.0-rc.9LOWPin exact version
29BuildPIE/ASLR not enabled for static Linux buildsLOWAdd -fPIE/-pie for dynamic builds
30CredHardcoded internal network IPs in build scriptsLOWMove to environment variables
31TLSPlaintext TCP for token fetch bootstrapLOWMigrate to TLS for token fetch
32InstallNo atomic install; interrupted downloads leave partial stateLOWUse temp directory + atomic rename
33InstallWindows update uses -ExecutionPolicy BypassLOWDocument implications; consider signed scripts
34TelemetryHostname/username in usage telemetry when enabledLOWHash or anonymize PII fields
35TelemetryFull conversation content in session telemetry when enabledLOWAdd prominent privacy warning at opt-in

18. Conclusion & Recommendations

Overall Assessment

SCORPIOX CODE demonstrates a mature security posture for a pure-C project of significant scale (147,742 lines of project code). The codebase exhibits disciplined engineering practices:

  • Memory safety is exemplary — 100% NULL-check coverage on allocations, safe realloc patterns, no unsafe string functions, OOM-safe wrappers
  • Supply chain is minimal and current — only 2 vendored libraries, both at latest versions, no dynamic dependency fetching
  • No telemetry by default — all tracking is opt-in with clear configuration keys
  • Strong build hardening — stack protectors, FORTIFY_SOURCE, RELRO, non-executable stack
  • File I/O discipline — centralized CLOEXEC wrapper, consistent mkstemp usage, sensitive data redaction
  • Priority Recommendations

    Immediate (Critical/High — Windows-relevant):
  • Replace hardcoded IP 20.53.240.54 with DNS hostname for TCP relay — reduces infrastructure coupling and enables rotation
  • Restrict TLS verification kill-switch — remove ability to globally disable SX_TLS_VERIFY, or limit to debug builds with compile-time guard
  • Add TLS option for localhost API services — provide optional encryption for scorpiox-host, scorpiox-pwsh, scorpiox-sdk local servers
  • Short-Term (Medium — Windows-relevant):
  • Implement Authenticode code signing for Windows binaries — critical for enterprise deployment trust
  • Sanitize command arguments in slash command execution and Windows system() calls — use CreateProcess with argument arrays on Windows
  • Encrypt session data at rest or document data-at-rest policy for ~/.scorpiox/sessions/
  • Add agent recursion depth limits to prevent fork-bomb scenarios
  • Long-Term (Hardening):
  • Publish SHA256 checksums via independent channel (transparency log, signed manifest)
  • Implement reproducible builds for verification
  • Hash/anonymize PII fields in opt-in telemetry
  • Add non-root user creation in WSL container setup
  • Risk Acceptance

    For Windows workstation deployment, the effective risk profile is LOW:

    The software is suitable for controlled corporate deployment on Windows workstations with the following conditions:

  • Ensure SX_TLS_VERIFY is not set to 0 in deployment configuration
  • Do not enable USAGE_TRACKING or EMIT_SESSION_TRACKING unless data handling is documented
  • Monitor for future Authenticode signing implementation before broad rollout

  • 19. Appendix: Audit Methodology

    Agents Deployed

    #AgentScopeFiles Analyzed
    01supply-chainPackage managers, vendored libs, dependency integrityCMakeLists.txt, package.json, vendor/
    02build-provenanceCompiler flags, build scripts, Docker reproducibilityCMakeLists.txt, Dockerfiles, Makefiles
    03network-endpointsHardcoded URLs, IPs, domains, ports38 source files
    04tls-securityTLS configuration, certificate verification, protocol versionsAll curl callsites, SMTP, WebSocket
    05credential-hardcodeAPI keys, passwords, tokens, secretsConfig files, embedded defaults, build scripts
    06file-ioFile operations, temp files, permissions, data at rest224 source files
    07buffer-safetysprintf/strcpy/strcat, stack buffers, format strings224 source files
    08memory-safetymalloc NULL checks, realloc safety, use-after-free, double-free149 source files
    09command-injectionsystem(), popen(), exec*() with user inputAll process-spawning code
    10privilege-accessRoot operations, capabilities, namespaces, seccompContainer runtime, VM runner, process management
    11windows-deploymentWindows-specific binaries, APIs, deployment model51 Windows-compilable binaries
    12telemetry-trackingPhone-home behavior, analytics, data collection defaultsConfig system, usage/session reporters
    13install-scriptInstall/update scripts, distribution security, code signingInstall scripts (bash, PowerShell), update mechanisms
    14wpf-launcher.NET WPF launcher, P/Invoke safety, download securityscorpiox-code-wpf repository

    Analysis Methods

    Severity Classification

    LevelDefinition
    CRITICALExploitable vulnerability with direct security impact; requires immediate remediation
    HIGHSignificant security weakness; exploitation requires specific conditions
    MEDIUMSecurity concern that should be addressed; limited or mitigated impact
    LOWMinor issue or hardening opportunity; minimal direct security impact
    INFOInformational finding; positive observation or architectural note

    Report generated by automated security audit pipeline — 14 specialist agents Classification: CONFIDENTIAL — For Corporate Review Only