
macos-cleaner — agentic threat model

AIVSS 6.6 · Medium

The macos-cleaner agent presents a high-impact risk due to its ability to delete files on the host filesystem, though this is mitigated by a mandatory user-confirmation gate. Prompt injection or framework-level bypasses remain critical vectors that could lead to accidental or malicious data loss.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8
AARS uplift: 0.46
Factor sum: 2.1 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors (each weighted 0.00 to 1.00):

Autonomy of Action          0.30
Goal-Driven Planning        0.20
Self-Modification           0.00
Dynamic Tool Use            0.60
Persistent Memory           0.00
Contextual Awareness        0.30
Dynamic Identity            0.00
Multi-Agent Interactions    0.00
Non-Determinism             0.40
Opacity & Reflexivity       0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
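The formula above, carried through on this listing's own numbers as an added example (this is not code from AgentReady or the OWASP calculator). The ten factor weights, the CVSS base of 7.8, the threat multiplier of 1.0 and the mitigation factor of 0.8 are the values shown on the page; the severity bands (a CVSS-style qualitative scale) and the rounding to one decimal are assumptions. The block also scores the agent with the mitigation factor removed, which is what the score looks like if the user-confirmation gate is bypassed:

```python
# Added example (not from the AgentReady listing or OWASP): the AIVSS formula
# quoted on the page, re-implemented and evaluated on the macos-cleaner inputs.
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

# Factor weights exactly as listed on the page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.30,
}

# Page values for this agent.
CVSS_BASE = 7.8
THREAT_MULTIPLIER = 1.0
MITIGATION_FACTOR = 0.8   # credit for the mandatory user-confirmation gate


def severity(score):
    """Qualitative band for a 0-10 score. Assumption: CVSS-style bands;
    the page labels 6.6 as 'Medium', which these bands reproduce."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Evaluate the AIVSS formula and return every intermediate the page reports."""
    factor_sum = sum(factors.values())
    # Agentic uplift only scales the headroom left above the CVSS base,
    # so it can never push the score past 10.
    aars = (10 - cvss_base) * (factor_sum / 10) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    rounded = round(score, 1)
    return {
        "factor_sum": round(factor_sum, 2),
        "aars": round(aars, 2),
        "aivss": rounded,
        "severity": severity(rounded),
    }


def score_macos_cleaner(with_mitigation=True):
    """The page's score (with_mitigation=True) or the same agent with the
    confirmation gate assumed bypassed, i.e. mitigation factor 1.0."""
    return aivss(
        CVSS_BASE,
        AGENTIC_FACTORS,
        THREAT_MULTIPLIER,
        MITIGATION_FACTOR if with_mitigation else 1.0,
    )


if __name__ == "__main__":
    print("as listed:      ", score_macos_cleaner())
    print("gate bypassed:  ", score_macos_cleaner(with_mitigation=False))
```

Running it reproduces the page's 0.46 uplift and 6.6 (Medium) score; dropping the 0.8 mitigation factor lifts the same agent to 8.3 (High), which is why the L1/L3 threats that target the confirmation gate matter more than their individual factor weights suggest.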

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the underlying LLM is not specified, but threats include prompt injection leading to unauthorized file deletion recommendations or attempts to bypass confirmation gates.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — no dedicated vector store or RAG is mentioned, but the agent reads local filesystem metadata which could contain sensitive file paths or names.

L3 · Agent Frameworks (✓ mapped)

The agent uses tools to scan the filesystem and delete files. Vulnerabilities in tool execution or prompt injection could lead to directory traversal or deletion of critical system files.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — runs on the host macOS environment. Without strict sandboxing, a compromise of this skill could lead to arbitrary local command execution or host compromise.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no explicit logging, guardrails, or evaluation metrics are described to monitor the safety of deletion recommendations.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The agent implements a Human-in-the-Loop (HITL) control requiring user confirmation before any file deletion, mitigating unauthorized destructive actions.
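The two mapped controls, the directory-traversal concern from L3 and the confirmation gate from L6, as one added example of how a file-deletion tool can enforce them. This is illustrative code written for this page, not macos-cleaner's own implementation; the scan root, the deny-list of system locations and the `confirm` callback are all assumptions, and the demo records deletions instead of touching disk:

```python
# Added example (not macos-cleaner's code): a guarded delete tool that
# (1) canonicalises the candidate path and proves it is still inside the scan
#     root, so '..' segments or absolute paths smuggled in by prompt injection
#     cannot reach files outside the area the user agreed to clean, and
# (2) deletes only after an explicit boolean confirmation from the user.
import os
from pathlib import Path

# Assumed deny-list of macOS locations a cleaner must never touch, even when
# the scan root is misconfigured to "/" (defence in depth behind the root check).
PROTECTED_PREFIXES = ("/System", "/Library", "/usr", "/bin", "/sbin",
                      "/private", "/Applications")


class DeletionRefused(Exception):
    """Raised when a candidate fails a guard; the caller logs it and moves on."""


def resolve_within_root(candidate, root):
    """Join candidate onto root, collapse '..' and symlinks, then check the
    result is a strict descendant of root and not a protected location."""
    root_path = Path(root).resolve()
    target = (root_path / candidate).resolve()   # absolute candidate replaces root here
    if target == root_path:
        raise DeletionRefused(f"refusing to delete the scan root itself: {target}")
    if root_path not in target.parents:
        raise DeletionRefused(f"outside scan root: {candidate!r} -> {target}")
    as_str = str(target)
    if any(as_str == p or as_str.startswith(p + "/") for p in PROTECTED_PREFIXES):
        raise DeletionRefused(f"protected system location: {target}")
    return target


def guarded_delete(candidate, root, confirm, remove=os.remove):
    """Delete only when the path passes the guards AND confirm(target) returns
    the literal True. None, a truthy string or an exception all count as 'no',
    so a confused or injected model output can never stand in for the user."""
    target = resolve_within_root(candidate, root)
    if confirm(target) is not True:
        raise DeletionRefused(f"user did not confirm: {target}")
    remove(target)
    return target


def run_demo(root="/Users/example/Library/Caches"):
    """Exercise the guard on constructed candidates; returns the outcome per
    case and the list of paths that would have been removed."""
    removed = []
    record = lambda p: removed.append(str(p))   # stands in for os.remove
    cases = {
        "stale cache":        ("com.example.app/old.db", root, lambda p: True),
        "traversal":          ("../../etc/passwd", root, lambda p: True),
        "absolute":           ("/System/Library/CoreServices/Finder.app", root, lambda p: True),
        "misconfigured root": ("System/Library/Foo", "/", lambda p: True),
        "declined":           ("tmp.log", root, lambda p: False),
    }
    outcomes = {}
    for name, (cand, scan_root, confirm) in cases.items():
        try:
            guarded_delete(cand, scan_root, confirm, remove=record)
            outcomes[name] = "deleted"
        except DeletionRefused as exc:
            outcomes[name] = "refused: " + str(exc).split(":")[0]
    return outcomes, removed


if __name__ == "__main__":
    for name, outcome in run_demo()[0].items():
        print(f"{name:20} {outcome}")
```

The ordering matters: resolve first, then compare against the root, then ask the user. Asking for confirmation before resolving would let a displayed relative path differ from the file actually unlinked, which is exactly the gap an L1 prompt-injection attempt would try to widen.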

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — this is a standalone community skill; no multi-agent interactions or marketplace integrations are detailed.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).