StopScam — agentic threat model
StopScam presents a moderate security risk; while its autonomy is low as a passive analysis and alerting tool, it processes highly sensitive multimodal user data (SMS, emails, screenshots, letters), making data privacy, exfiltration, and adversarial prompt injection (evasion) its primary threat vectors.
OWASP AIVSS score rationale
| Autonomy of Action | 0.20 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.30 | |
| Persistent Memory | 0.10 | |
| Contextual Awareness | 0.40 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.40 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely utilizes multimodal vision-language models to process screenshots, physical letters, and images. Primary threats include adversarial prompt injection embedded within scam documents designed to trick the model into classifying malicious content as safe.
Not certain from the listing — ingests highly sensitive user communications (emails, SMS, letters). Primary threats include data exfiltration of PII or financial details during processing, and potential data leakage if user uploads are used for downstream model training without sanitization.
Not certain from the listing — orchestration likely involves parsing inputs and routing to OCR or URL analysis tools. Threats include insecure tool integration, such as Server-Side Request Forgery (SSRF) or remote code execution when the agent attempts to fetch and analyze untrusted URLs.
Not certain from the listing — hosted as a closed-source cloud service. Threats include infrastructure compromise leading to mass exposure of uploaded user documents, and lack of sandboxing when parsing complex file formats or rendering screenshots.
Not certain from the listing — requires continuous evaluation to prevent evasion. Threats include detection drift where novel scam techniques bypass the model, and a lack of transparency/explainability regarding why a specific item was flagged or cleared.
Not certain from the listing — handles sensitive personal data but does not disclose compliance with frameworks like GDPR or SOC2. Threats include regulatory non-compliance regarding data retention and lack of user access controls over historical scans.
Not certain from the listing — operates as a standalone utility. Threats are minimal here unless integrated directly into automated email/SMS gateways where false negatives could lead to automated compromise of the user's downstream systems.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.