
Anima | UX Design Agent — agentic threat model

AIVSS 8.4 · High

Anima presents a moderate-to-high risk profile due to its integration with developer environments (MCP, Cursor, Claude Code) and its ability to clone live websites and generate functional code, which could be leveraged for code injection or SSRF.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.37 · Factor sum 5.2/10 · Threat ×1.05 · Mitigation ×0.95

Agentic risk factors (each scored 0.0–1.0):
Autonomy of Action          0.50
Goal-Driven Planning        0.60
Self-Modification           0.10
Dynamic Tool Use            0.70
Persistent Memory           0.40
Contextual Awareness        0.80
Dynamic Identity            0.20
Multi-Agent Interactions    0.80
Non-Determinism             0.60
Opacity & Reflexivity       0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
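The following is an added example, not part of the original listing, that carries the AIVSS formula above through with this page's own ten factor values and constants, and reports which factors drive the uplift. The severity bands are an assumption (CVSS v3-style cut-offs), not something the listing states.

```python
# Added example: reproduce the OWASP AIVSS arithmetic for this listing.
# Constants and factor values are copied from the page; nothing else is.
CVSS_BASE = 7.5
THREAT_MULTIPLIER = 1.05    # ThM
MITIGATION_FACTOR = 0.95

# The ten agentic risk factors as scored on the page (0.0 - 1.0 each).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.50,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.80,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Factor_Sum: plain sum of the ten agentic factors (max 10)."""
    return sum(factors.values())


def aars(cvss_base, factors, thm):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.
    The uplift is capped by the headroom left above the CVSS base."""
    return (10 - cvss_base) * (factor_sum(factors) / 10) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


def factor_contributions(cvss_base, factors, thm):
    """Each factor's share of the AARS uplift, largest first, so a reviewer
    can see which agentic traits move the score (here: contextual awareness
    and multi-agent interactions)."""
    headroom = (10 - cvss_base) * thm / 10
    shares = {name: value * headroom for name, value in factors.items()}
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)


def severity(score):
    """Assumed CVSS v3-style bands; the listing only shows 'High' for 8.4."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "None"
```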

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Likely relies on third-party frontier models for design and code generation. Primary threats include prompt injection that could manipulate generated UI code or inject malicious scripts into the live playground.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — Processes Figma assets, brand guidelines, and live website clones. Key threats include SSRF during website cloning, data exfiltration of proprietary design assets, and insecure handling of imported Figma tokens.

L3 · Agent Frameworks ✓ mapped

Utilizes Model Context Protocol (MCP) to expose design skills to other agents like OpenClaw. Threats include insecure tool integration, where malicious prompts to the host agent could trigger unauthorized design generation or data exposure via the MCP server.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — Hosts a live playground with built-in database and auth for prototypes. Threats include sandbox escape from the playground environment, unauthorized access to the prototype database, and hosting of phishing sites cloned via the tool.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No observability or guardrail mechanisms are detailed. This creates a blind spot where generated malicious code or unauthorized website cloning could go undetected.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Provides built-in database and auth for prototypes, but lacks explicit enterprise-grade compliance or access control details. Risks include weak default credentials in generated prototypes and lack of audit trails for generated code.

L7 · Agent Ecosystem ✓ mapped

Highly integrated into the agent ecosystem via MCP handoffs to Cursor, Claude Code, and OpenClaw. This creates a significant risk of cascading failures and A2A trust abuse, where a compromised coding agent could exploit Anima's design generation capabilities.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).