
mcp-builder — agentic threat model

AIVSS 8.1 · High

The mcp-builder agent acts as a specialized code generator and workflow assistant for creating Model Context Protocol servers. Its primary risk is indirect and supply-chain focused, where compromised or manipulated outputs could lead to the generation of vulnerable or backdoored tool schemas and server code.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.62 · Factor sum 2.5/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors (each scored 0.0–1.0):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
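The score above can be reproduced directly from the formula and the ten factor values the listing gives. The following is an added worked example, not part of the original listing and not the OWASP AIVSS calculator's own code; it applies the stated formula, checks that the factor values are in range, and also shows what crediting a non-unity mitigation factor would do to the result. The severity bands are an assumption (CVSS-style qualitative bands), since the listing only shows the label "High" for 8.1.

```python
"""Worked AIVSS computation for the mcp-builder listing (added example).

Applies: AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
         AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

CVSS_BASE = 7.5
THREAT_MULTIPLIER = 1.0    # ThM, shown on the listing as "Threat x1.0"
MITIGATION_FACTOR = 1.0    # shown as "Mitigation x1.0" (no mitigation credited)

# The ten agentic risk factors and the values the listing assigns to mcp-builder.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.30,
}


def factor_sum(factors):
    """Sum the agentic factors after checking each lies in [0.0, 1.0]."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic AI Risk Score: the uplift over the CVSS base, capped by the
    remaining headroom to 10 and scaled by the normalised factor sum."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base out of range: {cvss_base}")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS score; mitigation_factor < 1.0 credits compensating controls."""
    if not 0.0 < mitigation_factor <= 1.0:
        raise ValueError(f"mitigation factor out of range: {mitigation_factor}")
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor


def severity(score):
    """Qualitative label. Assumed CVSS-style bands; the listing only shows 'High' for 8.1."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def score_report(cvss_base=CVSS_BASE, factors=AGENTIC_FACTORS,
                 threat_multiplier=THREAT_MULTIPLIER, mitigation_factor=MITIGATION_FACTOR):
    """Return the intermediate values the listing displays, rounded the same way."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    final = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "cvss_base": cvss_base,
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(uplift, 2),
        "aivss": round(final, 1),
        "severity": severity(final),
    }


if __name__ == "__main__":
    print("listing values:", score_report())
    # What the score would look like if a 0.8 mitigation factor were credited,
    # e.g. for sandboxed execution and review of generated code (hypothetical).
    print("with mitigation 0.8:", score_report(mitigation_factor=0.8))
```

Running it reproduces the listing's intermediate values (factor sum 2.5, AARS 0.62, AIVSS 8.1, High) and shows that the mitigation factor is the only lever in the formula that reduces the score below the CVSS base; the agentic factors can only add to it.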

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on Anthropic's Claude models. Threats include prompt injection that could manipulate the agent into generating insecure or malicious MCP server code.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely uses RAG or system prompts containing MCP specifications. Threats include outdated or poisoned documentation leading to the generation of non-functional or insecure tool schemas.

L3 · Agent Frameworks (✓ mapped)

The agent uses a structured 4-phase workflow (research, design, implement, evaluate) to orchestrate code generation. Threats include generating code with insecure defaults, hardcoded secrets, or vulnerabilities like SSRF in the resulting MCP servers.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — likely runs within a developer's local environment or a hosted IDE. Threats include the developer executing unverified generated code locally without proper sandboxing.

L5 · Evaluation & Observability (✓ mapped)

The agent guides the 'evaluate' phase for testing MCP servers. Threats include blind spots in the evaluation logic that fail to detect security flaws or input validation issues in the generated tools.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — no explicit security compliance, static analysis, or licensing checks are mentioned for the generated code.

L7 · Agent Ecosystem (✓ mapped)

This agent is a critical ecosystem enabler, building the tools that other agents use to interact with the world. A compromise here represents a supply-chain threat, potentially introducing vulnerabilities into the broader multi-agent ecosystem.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).