TealKit — agentic threat model
TealKit presents a high-risk profile: its capabilities (SSH/SFTP access, shell script generation, and MCP integration) run on a mobile platform, so a compromise of the agent could lead to severe data exfiltration or remote code execution.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.80 |
| Multi-Agent Interactions | 0.40 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged "not certain from listing" are general, caveated commentary where the public description did not pin that layer.

- Layer 1, Foundation Models: Supports multiple external model providers (Google, OpenAI, Anthropic, Mistral) and local Ollama models, exposing the agent to provider-specific vulnerabilities, adversarial prompt injection, and potential model reprogramming.
- Layer 2, Data Operations: Handles sensitive data operations including email search, semantic document search, and PDF extraction, creating risks of data exfiltration, unauthorized access, and local vector store poisoning.
- Layer 3, Agent Frameworks: Orchestrates multi-step actions, tool selection, and scheduled automations. The generation of shell scripts and execution of SSH/SFTP commands present extreme risks of tool misuse and insecure tool integration.
- Layer 4, Deployment and Infrastructure: Deployed as an Android mobile application. Security risks include insecure local storage of SSH/SFTP credentials, lack of sandboxing for executed shell scripts, and potential compromise of the host mobile device.
- Layer 5, Evaluation and Observability: Not certain from the listing — there is no explicit mention of built-in guardrails, execution logging, or observability features for monitoring agent actions and detecting anomalous behavior.
- Layer 6, Security and Compliance: Not certain from the listing — while the app handles highly sensitive credentials (SSH/SFTP), there is no mention of enterprise security compliance, centralized access controls, or formal audit logging.
- Layer 7, Agent Ecosystem: Supports the Model Context Protocol (MCP), which allows integration with external tools and servers, introducing risks of rogue MCP servers, untrusted tool interactions, and cascading failures.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.