
nlpm — agentic threat model

AIVSS 8.8 · High

The nlpm agent poses a moderate-to-high risk primarily due to its integration into CI/CD pipelines and local developer environments as a linter/validator. A compromise of its Python validator or MCP hooks could lead to arbitrary code execution in sensitive build environments.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.4
AARS uplift: 0.35
Factor sum: 2.1/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
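To check that the 8.8 above follows from the formula and factor table, here is an added Python example (not part of the listing or the nlpm project) that applies the page's AIVSS formula as written; the factor values are a constructed copy of the table, and the 0..1 / 0..10 range checks are an assumption about the scale, not something the page states.

```python
from typing import Mapping

# Agentic risk factors as scored on this page (constructed copy of the listing's table).
NLPM_FACTORS: Mapping[str, float] = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.20,
}


def aivss_score(cvss_base: float, factors: Mapping[str, float],
                threat_multiplier: float = 1.0,
                mitigation_factor: float = 1.0) -> dict:
    """Apply AIVSS = (CVSS_Base + AARS) * Mitigation_Factor,
    with AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    Returns the intermediate values so a reviewer can see where the
    headline score comes from, not just the final number.
    """
    # Range checks are an assumption: CVSS is 0..10, each factor 0..1.
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base out of range: {cvss_base}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    factor_sum = sum(factors.values())
    # AARS scales the remaining headroom (10 - CVSS) by how 'agentic' the system is.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    aivss = (cvss_base + aars) * mitigation_factor
    return {"factor_sum": factor_sum, "aars": aars, "aivss": aivss}


if __name__ == "__main__":
    result = aivss_score(8.4, NLPM_FACTORS, threat_multiplier=1.05, mitigation_factor=1.0)
    print(f"factor sum {result['factor_sum']:.2f}/10, "
          f"AARS {result['aars']:.2f}, AIVSS {result['aivss']:.1f}")
```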

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The listing mentions overlays for Claude and Codex but does not specify the exact underlying foundation models or their specific alignment, leaving it vulnerable to adversarial prompt injection if the scoring relies on live LLM evaluation.

L2 · Data Operations (✓ mapped)

Processes local natural-language programming artifacts, prompts, rules, and MCP configs. Threat: Poisoning of local prompt/rule files could lead to bypassed security checks or exfiltration of sensitive configuration data.

L3 · Agent Frameworks (✓ mapped)

Integrates as a Claude Code plugin and provides tool overlays. Threat: Maliciously crafted MCP configs or hooks could exploit the validator (bin/nlpm-check) during execution, leading to tool misuse or framework hijacking.

L4 · Deployment & Infrastructure (✓ mapped)

Runs locally or in CI/CD pipelines via bin/nlpm-check. Threat: Arbitrary code execution or privilege escalation within CI/CD environments if the linter or its hooks are compromised.

L5 · Evaluation & Observability (✓ mapped)

Acts as an evaluation tool (tier-aware NL artifact scoring). Threat: Gaming the scoring system with adversarial prompts that bypass linting rules but remain malicious at runtime.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No explicit authentication, authorization, or compliance frameworks are mentioned for the plugin or validator, suggesting it inherits the security posture of the host environment.

L7 · Agent Ecosystem (✓ mapped)

Interacts with Claude Code, Codex CLI, and Antigravity. Threat: Compromised plugins or upstream dependency vulnerabilities cascading into the host agent frameworks, leading to ecosystem-wide trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).