BurtTheCoder/mcp-shodan — agentic threat model

AIVSS 6.7 · Medium

This MCP server acts as a powerful reconnaissance tool for agents, introducing risks related to API key exposure and unauthorized target scanning if integrated into autonomous workflows without strict guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.8 · AARS uplift 0.88 · Factor sum 2.1/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.60
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.40
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The MCP server itself does not define or host a foundation model; it is an external tool designed to be called by LLMs, meaning model-level threats depend entirely on the orchestrating client.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — No local training data or vector stores are described. The tool acts as a pass-through to Shodan's external database, meaning data operations risks are limited to the handling of external API responses.

L3 · Agent Frameworks ✓ mapped

The MCP server exposes powerful reconnaissance tools (IP, DNS, CPE, and vulnerability lookups) to agent frameworks. The primary threat is tool misuse, where an autonomous agent could be manipulated via prompt injection to perform unauthorized scanning or leak sensitive target intelligence.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The deployment environment (local node, container, etc.) is not specified. However, the Shodan API key represents a critical secret that must be securely injected and stored to prevent unauthorized access and financial drain.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, rate-limiting, or guardrails to monitor and restrict the types of queries or targets the agent is allowed to research.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Security controls are largely delegated to the Shodan API key's scope and cost limits. The MCP server itself does not appear to implement independent authentication, authorization, or policy enforcement mechanisms.

L7 · Agent Ecosystem ✓ mapped

By providing internet-wide reconnaissance data, this tool significantly elevates the capabilities of other agents in a multi-agent ecosystem. A compromised orchestrator or peer agent could abuse this tool to map out attack surfaces of target networks.
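The controls that L5 and L6 describe as absent (target restriction, rate limiting, logging) can be enforced by the orchestrating client before a lookup is forwarded to the MCP server, outside the model's control. The following is an added example, not code from mcp-shodan or from this listing; the `ToolCallGuard` class, the tool names and the in-scope ranges are assumptions, and the targets are constructed from documentation address space.

```python
import ipaddress
import time
from collections import deque

class ToolCallGuard:
    """Policy gate run by the orchestrator before a lookup reaches the MCP server."""

    def __init__(self, allowed_cidrs, allowed_domains, max_calls, per_seconds,
                 clock=time.monotonic):
        self.networks = [ipaddress.ip_network(c) for c in allowed_cidrs]
        self.domains = [d.lower().rstrip(".") for d in allowed_domains]
        self.max_calls, self.per_seconds, self.clock = max_calls, per_seconds, clock
        self.recent = deque()  # timestamps of allowed calls inside the window
        self.audit = []        # (tool, target, decision) for every request

    def _in_scope(self, target):
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Hostname: exact match or true subdomain only, so that
            # "evil-example.org" does not pass as "example.org".
            host = target.lower().rstrip(".")
            return any(host == d or host.endswith("." + d) for d in self.domains)
        return any(addr in net for net in self.networks)

    def check(self, tool, target):
        now = self.clock()
        while self.recent and now - self.recent[0] >= self.per_seconds:
            self.recent.popleft()
        if not self._in_scope(target):
            decision = "deny:out_of_scope"
        elif len(self.recent) >= self.max_calls:
            decision = "deny:rate_limit"
        else:
            self.recent.append(now)
            decision = "allow"
        self.audit.append((tool, target, decision))  # denials are logged too
        return decision

def demo():
    # Constructed requests; tool names are hypothetical placeholders.
    t = [0.0]
    guard = ToolCallGuard(["192.0.2.0/24"], ["example.org"], 2, 60, clock=lambda: t[0])
    calls = [("ip_lookup", "192.0.2.10"), ("ip_lookup", "198.51.100.7"),
             ("dns_lookup", "api.example.org"), ("dns_lookup", "evil-example.org"),
             ("ip_lookup", "192.0.2.11")]
    return [guard.check(tool, target) for tool, target in calls], guard.audit
```

Out-of-scope denials do not consume the rate budget, and every decision lands in the audit list so that repeated denials for one agent can be alerted on.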

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).