AiderDesk Connector (VS Code) — agentic threat model
The AiderDesk Connector is rated a moderate security risk. The concern is its zero-config local WebSocket listener on port 24337, which streams workspace file paths and editor context to whatever connects, with no explicit authentication of the peer. That exposes local development context both to other processes on the same machine and to cross-origin connections initiated from a web page the developer happens to have open.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.40 |
| Non-Determinism | 0.10 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference). The agentic risk factors are estimates derived from the agent's described capabilities, not from a code audit of the extension.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Rows tagged "Not certain from the listing" are general, caveated commentary for layers the public description does not pin down.

| Layer | Threat |
| --- | --- |
| 1. Foundation Models | Not certain from the listing. The connector is a VS Code extension and does not itself run or configure a foundation model; the downstream AiderDesk agent it connects to does. |
| 2. Data Operations | Streams open-file paths and workspace context in real time over the socket. The primary risk is exposure or exfiltration of sensitive file paths (and any contents sent alongside them) to an unauthorized local listener. |
| 3. Agent Frameworks | Acts as the context-gathering tool for the AiderDesk framework. A flaw in the extension's file-tracking logic could let a connected peer map the host file system beyond the intended workspace. |
| 4. Deployment & Infrastructure | Opens a local WebSocket listener on port 24337 with zero-config auto-connect. This invites cross-site WebSocket hijacking (CSWSH) from any web page the developer has open, and local port-binding abuse by another process on the same machine. |
| 5. Evaluation & Observability | Not certain from the listing. Nothing is said about logging, connection auditing, or guardrails that restrict which file paths may be transmitted over the WebSocket. |
| 6. Security & Compliance | No explicit authentication or authorization: the zero-config auto-connect design never verifies that the entity connecting to port 24337 is the legitimate AiderDesk application. |
| 7. Agent Ecosystem | Establishes a direct agent-to-extension trust relationship. A compromised local agent, or a process masquerading as AiderDesk, can abuse that trust to harvest workspace metadata silently. |
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).