Void — agentic threat model

AIVSS 7.3 · High

Void is an open-source, model-agnostic VS Code fork that runs locally, giving it deep access to the user's codebase and terminal. While its local-first, data-privacy-centric architecture reduces cloud-based data exfiltration risks, its high-privilege local execution environment presents a significant risk of host compromise if agentic features are exploited.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 8.4 · AARS uplift 0.74 · Factor sum 4.6/10 · Threat ×1.0 · Mitigation ×0.8

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.40
Contextual Awareness: 0.80
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Void is model-agnostic, allowing users to connect to their preferred LLMs. This shifts the L1 threat landscape to the user's chosen provider, introducing risks of adversarial prompt injection or misaligned outputs depending on the selected model.

L2 · Data Operations · ✓ mapped

Focuses heavily on data privacy and local control. However, codebase indexing and RAG operations are vulnerable to local data poisoning if a malicious file is introduced into the workspace, potentially leading to insecure code suggestions.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — the exact orchestration framework for its 'agentic features' is unspecified. However, the primary threat is tool misuse, where the agent might execute destructive terminal commands or write buggy/malicious code during inline edits.

L4 · Deployment & Infrastructure · ✓ mapped

Runs locally as a desktop application (VS Code fork). This eliminates cloud hosting risks but increases local host vulnerability; a compromised agent has direct access to the developer's local filesystem, environment variables, and SSH keys.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of built-in guardrails, real-time monitoring, or logging of agentic actions. This creates a blind spot where malicious or erroneous code modifications could go unnoticed until runtime.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Being open-source and local-first allows for complete auditability of the codebase, aligning well with strict data privacy policies. However, compliance and access control (e.g., preventing the agent from accessing sensitive local files) are entirely user-managed.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — while it is a VS Code fork, it is unclear how it handles the VS Code extension marketplace or if it supports third-party agentic plugins, which could introduce supply-chain vulnerabilities.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.