AgentReadyHomeAgent ListingPricing

← Orchids

Orchids — agentic threat model

9.8AIVSS 9.8 · Critical

Orchids exhibits a high-risk profile due to its desktop-level execution, multi-agent orchestration, and integration with sensitive third-party services like Stripe and Supabase. A compromise could lead to local host takeover, credential theft, or the silent injection of vulnerabilities into production-ready deployments.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.3AARS uplift 0.55Factor sum 7.1/10Threat ×1.1Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.90
Self-Modification
0.30
Dynamic Tool Use
0.90
Persistent Memory
0.60
Contextual Awareness
0.80
Dynamic Identity
0.70
Multi-Agent Interactions
0.80
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific foundation models used are not disclosed. However, because the agent processes untrusted codebases and browses the web, it is highly vulnerable to indirect prompt injection, which could lead to malicious code generation or model reprogramming.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The mechanisms for codebase indexing, RAG, or local vector storage are unspecified. Ingestion of malicious files from a repository could poison the agent's context, leading to data exfiltration or embedding inversion.

L3 · Agent Frameworks✓ mapped

The agent framework coordinates complex planning, code generation, and multi-agent execution. Insecure tool integration is a major threat here, as the agent has the capability to write and execute code, potentially leading to unauthorized system commands or memory poisoning across agent sessions.

L4 · Deployment & Infrastructure✓ mapped

Operating as a desktop IDE with screen-viewing and browser interaction capabilities introduces severe infrastructure risks. A compromise of the desktop application could lead to local host takeover, privilege escalation, or the theft of sensitive API keys (Stripe, Supabase) stored in the environment.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, real-time monitoring, or logging mechanisms to detect anomalous agent behavior, screen-scraping abuse, or malicious code generation before execution.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No security certifications (e.g., SOC2), identity governance, or access control policies are detailed, particularly regarding how third-party credentials (Stripe, Supabase) are securely handled and isolated.

L7 · Agent Ecosystem✓ mapped

The platform explicitly utilizes multi-agent execution. This introduces threats of agent-to-agent trust abuse, where a compromised sub-agent could escalate privileges, bypass user intent, or cause cascading failures across the development and deployment pipeline.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.