AgentReadyHomeAgent Listing

← OpenManus

OpenManus — agentic threat model

9.4AIVSS 9.4 · Critical

OpenManus is a highly autonomous, planning-capable agent platform built by the MetaGPT community, presenting significant risks of tool misuse and unauthorized API execution due to its open-ended workflow automation capabilities and lack of built-in security guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.95Factor sum 6.3/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.90
Self-Modification
0.30
Dynamic Tool Use
0.80
Persistent Memory
0.50
Contextual Awareness
0.70
Dynamic Identity
0.20
Multi-Agent Interactions
0.80
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The platform uses advanced language models but does not specify which foundation models are supported or how it mitigates model-level threats like prompt injection or adversarial reprogramming.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — While it supports data analysis, the listing does not detail the underlying data operations, vector databases, or RAG architectures, leaving potential gaps in data exfiltration and poisoning defenses.

L3 · Agent Frameworks✓ mapped

Built on MetaGPT community standards, the framework orchestrates complex planning and tool execution. This introduces high risks of tool misuse, insecure API integrations, and prompt injection leading to unauthorized system actions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — As an open-source platform, deployment and infrastructure security (such as sandboxing tool execution or managing API secrets) are left entirely to the end-user's implementation.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in evaluation, logging, guardrails, or observability features to monitor agent decisions or detect anomalous behavior during execution.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The description lacks any mention of enterprise security controls, identity management, access policies, or compliance certifications.

L7 · Agent Ecosystem✓ mapped

Being built by the MetaGPT community, the platform is designed for multi-agent collaboration and modular tool integration, which increases the risk of cascading failures and agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).