AgentReadyHomeAgent ListingPricing

← Gochu 🌶️

Gochu 🌶️ — agentic threat model

6.7AIVSS 6.7 · Medium

Gochu is a consumer-focused, uncensored multimodal chat agent with low agentic autonomy but high exposure to content abuse, deepfake generation, and compliance risks due to its lack of user authentication and safety guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 1.36Factor sum 2.9/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.10
Dynamic Tool Use
0.30
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.20
Multi-Agent Interactions
0.00
Non-Determinism
0.80
Opacity & Reflexivity
0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

The agent relies on uncensored foundation models for text, image, and voice generation. The primary threats are the generation of highly toxic, non-consensual, or illegal content, as well as susceptibility to prompt injection that could reprogram the persona's behavior.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — It is unclear how user-defined personas, custom backstories, and generated media are stored or if chat histories are used to train future models, raising potential data privacy and leakage concerns.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — The orchestration framework must coordinate text, image, and voice generation APIs. Threats include insecure integration of these generation tools and potential abuse of the APIs to exhaust backend resources.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The infrastructure hosts a public, free, and anonymous web application. This makes it a prime target for automated abuse, DDoS attacks, and resource exploitation (GPU harvesting) due to the lack of rate-limiting registration barriers.

L5 · Evaluation & Observability✓ mapped

The platform explicitly boasts '100% Uncensored AI' with 'no filters or restrictions'. This indicates a deliberate absence of input/output guardrails, content moderation, or safety evaluation, leading to complete blind spots regarding harmful content generation.

L6 · Security & Compliance (cross-cutting)✓ mapped

The 'No Registration Required' model means there is zero identity verification, authentication, or access control. This presents severe compliance and regulatory risks, particularly regarding age verification for NSFW content and lack of audit trails.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While users can create diverse personas, there is no explicit mention of a multi-agent ecosystem or third-party marketplace, though malicious user-created personas could be used to social-engineer other users if shared.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.