📄 security-audit-report.md
⬇ Download Raw

Third-Party Software Security Review — SCORPIOX CODE

FieldValue
SoftwareSCORPIOX CODE
TypeAI-Powered Development Tool / CLI Platform
LanguagePure C (zero external dependencies)
Audit Date2026-04-30
Codebase Commitfe4a27dca4c7a52f1735792badc534530cd24a84
ClassificationCONFIDENTIAL — For Corporate Review Only

1. Executive Summary

This report consolidates findings from 14 specialized security audit agents examining the SCORPIOX CODE codebase at commit fe4a27d. The audit covers supply chain integrity, build provenance, network security, TLS configuration, credential handling, file I/O safety, buffer safety, memory safety, command injection, privilege management, Windows deployment scope, telemetry practices, install script security, and the WPF launcher application.

Key Metrics

MetricValue
Lines of Code376,275 total (148,135 project / 228,140 vendor)
Total Findings155
Critical0
High0
Medium14
Low44
Informational97
Overall Risk RatingLOW
Windows-Filtered Findings138 (0 Critical, 0 High, 10 Medium, 38 Low, 90 Info)

Assessment Summary

SCORPIOX CODE demonstrates strong security engineering discipline across a 148K-line pure-C codebase. The project achieves a safe-to-unsafe string function ratio of 3,464:1, enforces centralized TLS verification by default, uses fork()+execvp() over system() for process spawning, vendors only two well-maintained C libraries (mbedTLS 3.6.6, yyjson 0.12.0), and ships zero third-party runtime dependencies in its Windows distribution. Both telemetry systems are disabled by default with no mandatory data collection.

No critical or high-severity findings were identified. The 14 medium-severity findings are concentrated in three areas: (1) file I/O edge cases on multi-user Linux systems, (2) command injection in the Linux-only container init process (requires filesystem control), and (3) install script integrity gaps (same-origin checksums without independent code signing). Most medium findings do not apply to the primary Windows workstation deployment.


2. Deployment Scope — Windows Workstation vs Server-Side

2.1 Primary Deployment: Windows Workstation

The following binaries are compiled for and deployed on Windows:

BinaryPurpose
sx.exeMain TUI — AI coding assistant
scorpiox.exeSymlink to sx.exe
scorpiox-bash.exeShell command execution (PowerShell/cmd.exe)
scorpiox-busybox.exeEmbedded Unix utilities
scorpiox-screenshot.exeScreenshot capture
scorpiox-vi.exeMinimal vi text editor
scorpiox-config.exeConfiguration manager
scorpiox-websearch.exeMulti-engine web search
scorpiox-fetch.exeURL content fetcher
scorpiox-renderimage.exeImage rendering/display
scorpiox-pwsh.exePowerShell integration
scorpiox-wsl.exeWSL integration
scorpiox-tmux.exeTerminal session manager
scorpiox-multiplexer.exeTerminal multiplexer
scorpiox-voice.exeVoice recording + Whisper
scorpiox-server.exeHTTP server for script execution
scorpiox-otp.exeTOTP/HOTP generator
scorpiox-transcript.exeConversation viewer
scorpiox-conv.exeConversation manager
scorpiox-rewind.exeConversation checkpoint rewind
scorpiox-debug.exeDiagnostics viewer
scorpiox-logger.exeLog file viewer
scorpiox-printlogs.exeLog export utility
scorpiox-systemprompt.exeSystem prompt generator
scorpiox-search.exeCode search (grep/rg/ag)
scorpiox-agent.exeSub-agent spawner
scorpiox-tasks.exeTask manager
scorpiox-skills.exeSkill manager
scorpiox-planmode.exePlan mode manager
scorpiox-askuserquestion.exeInteractive question TUI
scorpiox-gemini.exeGemini provider
scorpiox-mcp.exeModel Context Protocol
scorpiox-beam.exeBeam sharing
scorpiox-host.exeHost information
scorpiox-openai.exeOpenAI provider
scorpiox-email.exeEmail client
scorpiox-usage.exeUsage reporting (opt-in)
scorpiox-emit-session.exeSession telemetry (opt-in)
scorpiox-frp.exeFast reverse proxy
scorpiox-hook.exeGit hook manager
scorpiox-vault-git.exeGit vault
scorpiox-mirror-git.exeGit mirror
scorpiox-dns.exeDNS server
scorpiox-kql.exeKQL query engine
scorpiox-sdk.exeSDK utilities
scorpiox-server-email.exeEmail server
scorpiox-server-http2tcp.exeHTTP-to-TCP bridge
scorpiox-claudecode-fetchtoken.exeClaude token fetcher
scorpiox-claudecode-refreshtoken.exeClaude token refresh
scorpiox-codex-refreshtoken.exeCodex token refresh
scorpiox-claudecode-models.exeClaude model list
scorpiox-codex-fetchtoken.exeCodex token fetcher
scorpiox-gemini-fetchtoken.exeGemini token fetcher
scorpiox-server-fetchtoken.exeServer token fetcher
libsx.dllShared library for WPF P/Invoke
Total: 55 Windows binaries (53 executables + 1 DLL + 1 symlink)

2.2 Linux/Unix-Only Binaries (NOT deployed on Windows)

BinaryReason
scorpiox-sshpassUnix PTY/signal handling
scorpiox-trafficUnix raw sockets
scorpiox-docsfork/pipe-based browser
scorpiox-runtestfork()+execvp() test runner
scorpiox-executecurlfork-based curl executor
scorpiox-podmanPodman container manager
scorpiox-unshareRootless container runtime (user namespaces)
scorpiox-initContainer init (PID 1)
scorpiox-vmKVM virtual machine runner
scorpiox-cronCrontab wrapper
scorpiox-whatsappWhatsApp CLI (fork/pipe/select)

2.3 Windows-Filtered Findings Summary

Of the 155 total findings, 17 are Linux/Unix-only and do not apply to Windows workstation deployments:

Excluded FindingReportSeverityReason
NET-03: Container registry TLS verifyNetworkLOWPodman/container Linux-only
FIO-03: /tmp/sxmux predictable pathFile I/OMEDIUMUnix socket path
MEM-02: scorpiox-unshare stack leakMemoryMEDIUMLinux-only binary
CJ-01: scorpiox-init descriptor injectionCommand Inj.MEDIUMLinux-only binary
CJ-02: scorpiox-init INIT_TOOLS injectionCommand Inj.MEDIUMLinux-only binary
PA-01: Missing CLONE_NEWIPCPrivilegeLOWLinux namespaces
PA-02: Seccomp minimal blocklistPrivilegeLOWLinux seccomp
PA-03: --privileged flagPrivilegeINFOLinux container
PA-04: PR_SET_NO_NEW_PRIVSPrivilegeINFOLinux-only
PA-05: Environment clearing in containersPrivilegeINFOLinux-only
PA-07: Capability droppingPrivilegeINFOLinux-only
PA-08: pivot_rootPrivilegeINFOLinux-only
PA-09: OverlayfsPrivilegeINFOLinux-only
IS-04: --no-verify flagInstallLOWLinux/macOS script
IS-07: macOS ad-hoc codesignInstallLOWmacOS only
IS-09: curl\bash patternInstallLOWLinux/macOS
Finding on bridge/ws2tcp.c traversalFile I/O(partial)Linux-only component
Windows deployment finding count: 138 (0 Critical, 0 High, 10 Medium, 38 Low, 90 Info)

3. Changes Since Last Audit

Previous Audit: output/2026-04-30_6851bc0 (commit 6851bc0, 2026-04-30)
MetricPrevious (<code class="inline-code">6851bc0</code>)Current (<code class="inline-code">fe4a27d</code>)Delta
Total Findings225155−70 (↓31%)
Critical20−2
High60−6
Medium3814−24
Low5544−11
Info12497−27
Windows Findings67138*+71
Overall RiskLOW-MEDIUMLOWImproved
\Note: The Windows finding count increase reflects improved granularity in the Windows deployment analysis (14 agents vs 13 previously, with the addition of the WPF launcher audit contributing 22 findings). The actual security posture improved — all Critical and High findings were remediated.*

Key Improvements Since Last Audit

  • All 2 Critical findings eliminated — zero critical findings remain
  • All 6 High-severity findings eliminated — zero high findings remain
  • Medium findings reduced by 63% (38 → 14)
  • Commit fe4a27d specifically addresses Windows command injection findings CJ-16, CJ-17, CJ-18 (per commit message: "security: fix 3 Windows command injection findings")
  • Overall risk rating improved from LOW-MEDIUM to LOW

  • 4. Supply Chain & Dependencies

    Agent: supply-chain | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 1 Low, 5 Info

    Key Findings

    The project has an exceptionally minimal supply chain for a software platform of this scale:

    An optional WhatsApp bridge component (bridge/) uses Bun/TypeScript with 2 npm dependencies, but this is not part of the core build system or Windows distribution.

    FindingSeverityDescription
    SC-01LOWVendored library versions not tracked in a dedicated manifest file (versions are in source headers)
    SC-02–SC-06INFOPositive observations: current library versions, proper licensing, minimal config, no pre-built binaries, zero-dependency Windows distribution

    5. Build System & Code Provenance

    Agent: build-provenance | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 2 Low, 5 Info

    Build Security Highlights

    FindingSeverityDescription
    BP-01LOWbridge/Makefile missing linker hardening flags (RELRO, noexecstack)
    BP-02LOWPIE not explicitly enabled for static builds (typical for static binaries)
    BP-03–BP-07INFOPositive: hardening flags present, deterministic build, frozen code generation, comprehensive CMake structure

    6. Network Endpoints

    Agent: network-endpoints | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 3 Low, 7 Info

    Network Architecture

    78 unique hardcoded endpoints across 43 source files. All external connections use HTTPS. Endpoints fall into three categories:

  • First-party infrastructure (*.scorpiox.net) — distribution, token services, API proxying
  • Third-party LLM APIs — Anthropic, OpenAI, Google AI, Z.AI (all HTTPS)
  • Localhost services — HTTP for local IPC only
  • FindingSeverityDescription
    NET-01LOWHardcoded public IP (20.53.240.54) for TCP token transport in WASM config; native config uses hostname
    NET-02LOWDNS server binds 0.0.0.0:53 by default (intentional; configurable via DNS_LISTEN)
    NET-03LOWContainer registry TLS verification defaults to false (Linux-only, Podman context)
    NET-04–NET-10INFOPositive observations: all HTTPS, proper localhost binding, standard API endpoints

    7. TLS/SSL Security

    Agent: tls-security | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 3 Low, 9 Info

    TLS Architecture

    All libcurl HTTPS connections route through a centralized sx_curl_set_tls() helper enforcing certificate verification by default. All mbedTLS contexts enforce TLS 1.2 minimum. The SMTP server correctly requires STARTTLS before AUTH on submission port 587.

    FindingSeverityDescription
    TLS-01LOWSX_TLS_VERIFY config allows disabling certificate verification (default: enabled, with warning)
    TLS-02LOWOpportunistic STARTTLS for MX delivery uses VERIFY_OPTIONAL (standard SMTP behavior per RFC 3207)
    TLS-03LOWTLS session tickets not explicitly disabled (default mbedTLS behavior, minimal risk)
    TLS-04–TLS-12INFOPositive: centralized TLS config, fail-closed on CA errors, STARTTLS enforcement on 587, consistent sx_curl_set_tls() usage across all callsites, plaintext HTTP only for localhost

    8. Hardcoded Credentials

    Agent: credential-hardcode | Risk: LOW | Findings: 0 Critical, 0 High, 2 Medium, 3 Low, 3 Info

    Assessment

    No actual secret values (API keys, passwords, tokens) were found hardcoded in the source code. All sensitive configuration fields use empty-string defaults and are populated at runtime via environment variables or configuration file.
    FindingSeverityDescription
    CRED-01MEDIUMHardcoded OAuth client IDs for OpenAI/Anthropic (public IDs, no client_secret; rotation requires rebuild)
    CRED-02MEDIUMHardcoded infrastructure IP 20.53.240.54 in WASM config (infrastructure exposure, not a credential)
    CRED-03LOWHardcoded internal service URLs in embedded config
    CRED-04LOWEmbedded config key placeholders (empty-string defaults)
    CRED-05LOWBase64-encoded SMTP challenge strings (protocol constants, not secrets)
    CRED-06–08INFOConfig architecture observations — centralized, runtime-populated

    9. File I/O & Data Handling

    Agent: file-io | Risk: MEDIUM | Findings: 0 Critical, 0 High, 3 Medium, 5 Low, 5 Info

    File I/O Security Controls

    FindingSeverityDescription
    FIO-01MEDIUMAPI request/response bodies logged in plaintext to api.log (file is 0600; sensitive conversation content persists on disk)
    FIO-02MEDIUMPath traversal check uses strstr(.., "..") — double-encoding bypass possible in ws2tcp.c (Linux-only) and scorpiox-server.c
    FIO-03MEDIUMPredictable socket path /tmp/sxmux without UID qualification on fallback (Linux-only)
    FIO-04–08LOWLog rotation absent, no automatic log expiry, temp file cleanup on error paths
    FIO-09–13INFOPositive: FD_CLOEXEC, mkstemp, sensitive redaction, 0600 permissions, path traversal checks present

    10. Buffer Safety

    Agent: buffer-safety | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 3 Low, 6 Info

    Buffer Safety Metrics

    FunctionCountSafety
    snprintf2,228✅ Safe
    strncpy601✅ Safe
    memcpy (bounded)514✅ Safe
    fgets107✅ Safe
    sprintf1⚠️ Unsafe
    strcpy / strcat / gets0✅ Not used
    Safe:Unsafe ratio = 3,464:1
    FindingSeverityDescription
    BUF-01LOWSingle sprintf in SHA256 hex encoding (bounded by construction — 32 iterations × 2 bytes into 65-byte buffer)
    BUF-02LOWYamux stream buffer uint32_t doubling without overflow guard (requires authenticated FRP tunnel; window limits make impractical)
    BUF-03LOWIMAP FETCH response stack buffer truncation on large envelopes (8KB buffer; silently truncates, no overflow)
    BUF-04–09INFOPositive: zero strcpy/strcat/gets, consistent snprintf, bounded memcpy, proper fgets usage

    11. Memory Safety

    Agent: memory-safety | Risk: LOW | Findings: 0 Critical, 0 High, 2 Medium, 2 Low, 4 Info

    Memory Management Practices

    The vast majority of malloc/calloc/realloc calls have proper NULL checks. realloc calls use a temporary variable pattern to avoid pointer loss.

    FindingSeverityDescription
    MEM-01MEDIUMsx_api_init() leaks h->api allocation if h->display calloc fails (redundant early return; one-time init path)
    MEM-02MEDIUMscorpiox-unshare.c leaks stack (8MB) on pipe failure (Linux-only; process exits shortly after)
    MEM-03LOWTerminal resize unchecked calloc return (graceful fallback — old buffers retained)
    MEM-04LOWHTTP header realloc pattern correct but missing explicit overflow check on count multiplication
    MEM-05–08INFOPositive: consistent NULL checks, proper realloc pattern, no use-after-free in critical paths, proper free-before-reassign

    12. Command Injection

    Agent: command-injection | Risk: LOW | Findings: 0 Critical, 0 High, 2 Medium, 3 Low, 5 Info

    Remediation Progress

    The commit under review (fe4a27d) specifically fixes 3 Windows command injection findings (CJ-16, CJ-17, CJ-18). Most system() calls have been replaced with fork()+execvp() or CreateProcess on Windows.

    FindingSeverityDescription
    CJ-01MEDIUMscorpiox-init tool descriptor fields injected into shell commands (Linux-only; requires filesystem control of mounted volumes)
    CJ-02MEDIUMscorpiox-init INIT_TOOLS env var passed to sx_system_safe() unsanitized (Linux-only; requires env control)
    CJ-03LOWWindows: SCORPIOX_INDEX_URL config interpolated into sx_popen_no_window() (requires admin-level config modification)
    CJ-04LOWscorpiox-server.c Python path interpolation in command string (server-side, configurable path)
    CJ-05LOWResidual sx_system_safe() calls in non-critical paths (3 remaining call sites)
    CJ-06–10INFOPositive: CreateProcess on Windows, fork+execvp on Linux, metacharacter validation, quoted arguments

    13. Privilege & Access Control

    Agent: privilege-access | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 3 Low, 12 Info

    Security Architecture

    The container runtime (scorpiox-unshare) uses Linux user namespaces, pivot_root, overlayfs, and seccomp BPF. The runtime avoids setuid, uses PR_SET_NO_NEW_PRIVS, drops capabilities, clears environment before exec, and uses fork+execvp instead of system().

    Important context: The container runtime runs trusted first-party agents on a private network — not untrusted workloads. Findings are rated against this threat model, not against generic container security checklists.
    FindingSeverityDescription
    PA-01LOWMissing CLONE_NEWIPC in container namespace flags (Linux-only; defense-in-depth)
    PA-02LOWSeccomp filter blocks only 2 syscalls — default-allow policy (appropriate for trusted-agent model)
    PA-03LOWNo cgroup resource limits on containers (trusted workloads; DoS from own agents is self-inflicted)
    PA-04–15INFOPositive: no setuid, PR_SET_NO_NEW_PRIVS enforced, capabilities dropped, environment cleared, fork+execvp, pivot_root with overlayfs, --privileged properly guarded

    14. Windows Deployment Analysis

    Agent: windows-deployment | Risk: LOW | Findings: 0 Critical, 0 High, 1 Medium, 3 Low, 9 Info

    Windows Security Highlights

    FindingSeverityDescription
    WIN-01MEDIUMscorpiox-bash.c writes temp .bat files in %TEMP% for cmd.exe execution (TOCTOU risk in shared temp; mitigated by user-scoped %TEMP%)
    WIN-02LOWscorpiox-wsl.exe SHA256 verification bypass possible on parse error (dead code path — check_for_update() never called)
    WIN-03LOWDLL search order — SetDllDirectory used but libsx.dll loaded from %LOCALAPPDATA%\scorpiox (trusted path)
    WIN-04LOWscorpiox-multiplexer uses named pipes without explicit ACL (defaults to creator-only access on Windows)
    WIN-05–13INFOPositive: CreateProcess usage, SHA256 update verification, user-scoped PATH, no admin required, proper quoting

    15. Telemetry and Tracking

    Agent: telemetry-tracking | Risk: LOW | Findings: 0 Critical, 0 High, 0 Medium, 1 Low, 4 Info

    Verdict: No Tracking by Default

    Both telemetry systems (USAGE_TRACKING and EMIT_SESSION_TRACKING) are disabled (0) in all configuration tiers: compiled defaults, embedded config, and shipped config file. No network telemetry occurs out of the box.

    Mandatory Data Collection: NONE — All telemetry is fully opt-in.
    SystemDefaultData Collected (when enabled)
    USAGE_TRACKINGOFFToken counts, model name, session UUID, hostname, OS (no conversation content)
    EMIT_SESSION_TRACKINGOFFFull conversation messages, tool calls/results (privacy-sensitive; requires explicit opt-in)
    FindingSeverityDescription
    TEL-01LOWUSAGE_TRACKING guard logic uses negative check — if config value is NULL/missing, tracking would proceed (defaults to "0" so safe in practice)
    TEL-02–05INFOPositive: both systems disabled by default, gating at both caller and binary level, no mandatory collection, opt-in architecture

    16. Install Script & Distribution Security

    Agent: install-script | Risk: MEDIUM | Findings: 0 Critical, 0 High, 3 Medium, 7 Low, 7 Info

    Distribution Security Architecture

    FindingSeverityDescription
    IS-01MEDIUMSame-origin checksums — binary and SHA256 hash served from same server; no independent code signing (GPG, Sigstore)
    IS-02MEDIUMindex.txt branch control file has no integrity protection (server compromise could redirect to malicious branch)
    IS-03MEDIUMverify_sha256_update() parse-error bypass in scorpiox-wsl.c (dead code path — function never called)
    IS-04LOW--no-verify flag allows checksum bypass (Linux/macOS only)
    IS-05LOWNon-atomic installation — partial state on interruption
    IS-06LOWNo HSTS on get.scorpiox.net installer endpoint
    IS-07LOWmacOS binary uses ad-hoc codesign (no Developer ID)
    IS-08LOWNo rollback mechanism on installation failure
    IS-09LOWcurl\bash pattern susceptible to partial download execution (Linux/macOS)
    IS-10LOWNo reproducible build process
    IS-11–17INFOPositive: SHA256 enforced by default, HTTPS with HSTS on dist server, per-commit provenance, user-scoped Windows install

    17. WPF Launcher (scorpioxcode.exe)

    Agent: wpf-launcher | Risk: LOW | Findings: 0 Critical, 0 High, 1 Medium, 5 Low, 16 Info

    WPF Security Highlights

    FindingSeverityDescription
    WPF-01MEDIUMCharSet.Ansi marshalling corrupts non-ASCII input to UTF-8 native API (functional bug with minor security implications)
    WPF-02LOWUnbounded null-terminator scan in PtrToStringUtf8 (trusted first-party library contract)
    WPF-03LOWInstall script URL lacks explicit https:// scheme
    WPF-04LOWBinary and checksum from same origin (no code signing)
    WPF-05LOWRemote telemetry sends machine name and file paths (minor PII)
    WPF-06LOWAutoUpdater SHA256 verification — same-origin checksum pattern
    WPF-07–22INFOPositive: zero NuGet deps, proper P/Invoke safety, SHA256 downloads, no unsafe code, deterministic builds

    18. Consolidated Risk Matrix

    Medium-Severity Findings

    #AreaFindingSeverityWindowsRecommendation
    1CredentialsHardcoded OAuth client IDs (public, no secret)MEDIUMMake configurable for rotation
    2CredentialsHardcoded infrastructure IP in WASM configMEDIUMUse DNS hostname consistently
    3File I/OAPI bodies logged in plaintext (0600 perms)MEDIUMAdd config to disable body logging; log rotation
    4File I/OPath traversal double-encoding bypassMEDIUMUse realpath() validation consistently
    5File I/OPredictable /tmp/sxmux socket pathMEDIUMAlways append UID to path
    6Memorysx_api_init() allocation leak on errorMEDIUMRemove redundant early return (line 108)
    7Memoryscorpiox-unshare stack leak on pipe failMEDIUMAdd free(stack) before error return
    8Command Inj.scorpiox-init descriptor field injectionMEDIUMUse fork+execvp or validate with allowlist
    9Command Inj.scorpiox-init INIT_TOOLS env injectionMEDIUMAdd is_safe_shell_arg() validation
    10InstallSame-origin checksums (no code signing)MEDIUMImplement GPG or Sigstore signing
    11Installindex.txt branch control unprotectedMEDIUMAdd integrity verification for index file
    12InstallSHA256 parse-error bypass (dead code)MEDIUMFix parse-error return handling or remove dead code
    13WindowsTemp .bat file TOCTOU in scorpiox-bashMEDIUMUse unique temp filenames with mkstemp pattern
    14WPFCharSet.Ansi corrupts non-ASCII to UTF-8 APIMEDIUMUse manual UTF-8 marshalling for string parameters

    Low-Severity Findings (Summary by Area)

    AreaCountKey Themes
    Supply Chain1Version tracking manifest
    Build Provenance2Bridge Makefile hardening, PIE
    Network Endpoints3WASM hardcoded IP, DNS bind, registry TLS
    TLS Security3SX_TLS_VERIFY toggle, opportunistic STARTTLS, session tickets
    Credentials3Internal service URLs, config placeholders, SMTP constants
    File I/O5Log rotation, temp cleanup, error-path handling
    Buffer Safety3Single sprintf, yamux overflow guard, IMAP truncation
    Memory Safety2Terminal resize, header realloc
    Command Injection3Config URL interpolation, Python path, residual sx_system_safe
    Privilege & Access3CLONE_NEWIPC, seccomp depth, cgroup limits
    Windows Deployment3Dead-code SHA256 bypass, DLL search, named pipe ACL
    Telemetry1Usage tracking guard logic
    Install Script7--no-verify, non-atomic install, HSTS, macOS codesign, curl\bash, rollback, reproducibility
    WPF Launcher5PtrToStringUtf8 bounds, install URL scheme, same-origin checksums, telemetry PII, auto-updater

    19. Conclusion & Recommendations

    Overall Assessment

    SCORPIOX CODE achieves a LOW overall risk rating with zero Critical and zero High findings across 155 total observations from 14 audit agents. This represents a significant improvement from the previous audit (225 findings including 2 Critical and 6 High). The commit under review specifically addresses Windows command injection vulnerabilities, demonstrating active security remediation.

    Top Recommendations (Priority Order)

  • Implement independent code signing (GPG or Sigstore) for release artifacts to establish a trust anchor independent of the distribution server (IS-01)
  • Fix CharSet.Ansi marshalling in the WPF launcher to prevent non-ASCII input corruption (WPF-02)
  • Add log rotation and configurable body logging to prevent indefinite sensitive conversation persistence (FIO-01)
  • Use realpath() validation consistently for all path traversal checks (FIO-02)
  • Remove dead code in scorpiox-wsl.c check_for_update() or fix the SHA256 parse-error handling (IS-03)
  • Add input validation for scorpiox-init descriptor fields and INIT_TOOLS environment variable (CJ-01, CJ-02, Linux-only)
  • Fix the sx_api_init() memory leak by removing the redundant early return at line 108 (MEM-01)
  • Expand seccomp blocklist with additional commonly-blocked syscalls for defense-in-depth (PA-02, Linux-only)
  • Strengths


    Appendix: Audit Methodology

    Agents Deployed

    #AgentScope
    1supply-chainPackage managers, vendored libraries, dependency analysis
    2build-provenanceBuild system, compiler/linker flags, code generation
    3network-endpointsHardcoded URLs, IPs, domains, ports, binding addresses
    4tls-securityCertificate verification, protocol versions, cipher suites
    5credential-hardcodeAPI keys, passwords, tokens, secrets in source
    6file-ioFile operations, temp files, permissions, data at rest
    7buffer-safetysprintf/strcpy/strcat usage, bounds checking, format strings
    8memory-safetymalloc/realloc NULL checks, use-after-free, double-free, leaks
    9command-injectionsystem(), popen(), exec*() with untrusted input
    10privilege-accesssetuid, root requirements, sandboxing, namespaces
    11windows-deploymentWindows binary enumeration, platform-specific risks
    12telemetry-trackingPhone-home behavior, analytics, data collection defaults
    13install-scriptInstallation scripts, update mechanism, distribution integrity
    14wpf-launcherWPF desktop application security (P/Invoke, downloads, telemetry)

    Analysis Approach

    Severity Definitions

    SeverityDefinition
    CriticalRemotely exploitable without authentication; immediate data breach risk
    HighExploitable with minimal prerequisites; significant security impact
    MediumExploitable with specific prerequisites (local access, config modification, filesystem control); moderate impact
    LowDefense-in-depth hardening; theoretical risk with minimal practical exploitability
    InfoPositive security observation or architectural note