SupaBook — agentic threat model
SupaBook presents moderate-to-high agentic risk due to its automated communication and CRM integration capabilities, which could be abused for automated phishing or data exfiltration if compromised. The lack of visible security controls or human-in-the-loop verification in the listing increases the potential impact of model exploitation.
OWASP AIVSS score rationale
| Agentic risk factor | Estimated value |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.60 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.30 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The specific foundation models used for generating follow-ups and communications are undisclosed. Standard risks include prompt injection leading to inappropriate or malicious outgoing messages, and potential model misalignment.
Not certain from the listing — The agent processes sensitive CRM data, customer contact details, and communication histories. Risks include data exfiltration of customer databases and potential training data/RAG poisoning if incoming customer replies are ingested without sanitization.
Not certain from the listing — The orchestration framework managing the follow-up logic is unspecified. Insecure tool integration with email/SMS APIs could allow an attacker to hijack the communication channel to send spam or phishing campaigns.
Not certain from the listing — As a closed-source CRM, deployment details are hidden. Key risks involve the secure storage of API keys and credentials for third-party communication platforms and CRM databases.
Not certain from the listing — There is no mention of monitoring, guardrails, or evaluation frameworks to detect and block toxic, inaccurate, or unauthorized outgoing communications generated by the AI.
Not certain from the listing — Compliance postures (such as GDPR/CCPA for CRM data) and identity/access management controls are not detailed, posing compliance risks regarding automated customer outreach.
Not certain from the listing — The agent operates primarily as a standalone CRM automation tool; there is no evidence of multi-agent collaboration or marketplace interactions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.