Omnara — agentic threat model

AIVSS 9.7 · Critical

Omnara presents a high-risk profile due to its integration with Claude Code, granting it direct file modification and shell execution capabilities. The voice-driven mobile and web interface introduces additional attack vectors, such as ambient prompt injection, which could lead to unauthorized code execution or repository compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 9.3
AARS uplift: 0.43
Factor sum: 5.9/10
Threat: ×1.05
Mitigation: ×1.0

Agentic risk factors:
Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.40
Dynamic Tool Use: 0.90
Persistent Memory: 0.50
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Powered by Claude Code (Anthropic Claude models). Primary threats include prompt injection (including voice-based injection) that can bypass system instructions to execute unauthorized terminal commands or generate malicious code.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely accesses local workspace files, git repositories, and voice input streams. Threats include codebase poisoning (where malicious files or comments inject instructions) and unauthorized exfiltration of proprietary source code.

L3 · Agent Frameworks (✓ mapped)

Uses Claude Code's agentic framework for planning, file editing, and terminal execution. Threats include tool misuse, where the agent is tricked into running destructive shell commands or writing backdoors into the codebase.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — the hosting environment for the mobile/web IDE and where the code execution actually occurs (local machine vs. cloud container) is unspecified. Threats include container escape, privilege escalation, and exposure of local developer credentials.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no monitoring, logging, or command-validation guardrails are described. Threats include a lack of audit trails for voice-triggered actions and blind spots regarding executed shell commands.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — authentication and authorization mechanisms for accessing the mobile/web IDE are not detailed. Threats include session hijacking or unauthorized access allowing full control over the developer's environment.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — primarily functions as a single-agent developer tool, but may interact with package managers or external repositories. Threats include pulling compromised dependencies or interacting with malicious external APIs during automated debugging.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.