
security-scanning — agentic threat model

AIVSS 8.5 · High

This agent is rated high risk because it has deep access to codebases, dependency trees, and container environments, combined with the authority to apply automated hardening changes. A compromise could enable supply chain attacks (tampered dependencies or container configuration) or exfiltration of proprietary code.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

Inputs: CVSS base 8.5 · AARS uplift 0.9 · Factor sum 6.0/10 · Threat multiplier (ThM) ×1.0 · Mitigation factor ×0.9

Worked: AARS = (10 − 8.5) × (6.0 / 10) × 1.0 = 0.9; AIVSS = (8.5 + 0.9) × 0.9 = 8.46, reported as 8.5. Without the ×0.9 mitigation credit the composite would be 9.4.

Agentic risk factors (ten factors, summing to 6.0):

Autonomy of Action          0.70
Goal-Driven Planning        0.80
Self-Modification           0.20
Dynamic Tool Use            0.90
Persistent Memory           0.30
Contextual Awareness        0.80
Dynamic Identity            0.40
Multi-Agent Interactions    0.80
Non-Determinism             0.60
Opacity & Reflexivity       0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
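The following is an added worked example, not part of the listing or the plugin: it reproduces the figures above from the ten factor values using the formula exactly as the page states it, and then asks two questions the static score does not answer (how much the mitigation credit is doing, and which factors drive the uplift). The factor values and CVSS base are the listing's; the qualitative bands are the CVSS v3.x ratings, which is an assumption since the page only labels 8.5 as "High".

```python
# Added example (not the listing's or the plugin's code): recompute the AIVSS figures
# shown above from the agentic factors, per the formula as the page states it.
# Assumption: severity bands follow CVSS v3.x (Low <4.0, Medium <7.0, High <9.0, Critical).

CVSS_BASE = 8.5
THREAT_MULTIPLIER = 1.0   # ThM on the page
MITIGATION_FACTOR = 0.9   # Mitigation_Factor on the page

# Values exactly as listed on the page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.80,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def aars(cvss_base: float, factors: dict, thm: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The (10 - CVSS_Base) term bounds the uplift by the headroom left below 10,
    so the agentic factors can never push a score past the end of the scale.
    """
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * thm


def aivss(cvss_base: float, factors: dict, thm: float = 1.0, mitigation: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


def severity(score: float) -> str:
    """Qualitative band (assumed CVSS v3.x thresholds; the page does not state its own)."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def mitigation_to_reach(cvss_base: float, factors: dict, target: float, thm: float = 1.0) -> float:
    """Mitigation_Factor that would bring the composite score down to `target`.

    Answers "how much mitigation credit would have to be justified to call this Medium?"
    """
    return target / (cvss_base + aars(cvss_base, factors, thm))


def top_factors(factors: dict, n: int = 3) -> list:
    """Factors contributing most to the uplift; controls on these buy the most score."""
    return sorted(factors, key=factors.get, reverse=True)[:n]


if __name__ == "__main__":
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    mitigated = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    unmitigated = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    print(f"AARS uplift           {uplift:.2f}")
    print(f"AIVSS (mitigated)     {mitigated:.2f} -> {severity(mitigated)}")
    print(f"AIVSS (no mitigation) {unmitigated:.2f} -> {severity(unmitigated)}")
    needed = mitigation_to_reach(CVSS_BASE, AGENTIC_FACTORS, 6.9, THREAT_MULTIPLIER)
    print(f"Mitigation factor needed for Medium: {needed:.3f}")
    print("Largest contributors:", ", ".join(top_factors(AGENTIC_FACTORS)))
```

Two things fall out of running it: the 0.9 mitigation credit is what keeps this agent out of the Critical band (9.4 unmitigated versus 8.46 mitigated), so reviewers should ask what evidence backs that credit; and Dynamic Tool Use is the single largest contributor, which is consistent with the L3 and L4 threats below.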

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — while it runs as a Claude Code plugin (implying Claude models), the specific underlying LLM is not detailed. Threats include prompt injection carried in the material the model reads while scanning (source comments, READMEs, dependency metadata, container files) that steers it to skip security checks or to dismiss real vulnerabilities.

L2 · Data Operations (✓ mapped)

Operates directly on the codebase, dependency trees, and container configurations. Threats include data exfiltration of proprietary code and poisoning of dependency files to manipulate scanner results.

L3 · Agent Frameworks (✓ mapped)

Bundles security subagents and commands. Threats include insecure tool integration: if subagents assemble shell command lines from repository-derived strings (file names, paths, configuration values) while running SAST or hardening steps, anyone who can add content to the repository gets local command injection with the subagent's privileges.
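The injection path described above, as an added illustration that is not the plugin's code: the vulnerable form splices a repository-derived file name into a shell string, so a committed file whose name contains `;` runs a second command; the hardened form passes an argv list with no shell and confines the path to the checkout. `echo` stands in for the real scanner binary so the example runs anywhere, `REPO_ROOT` is a made-up path, and the malicious file name is constructed for the demonstration.

```python
# Added example (illustration, not the plugin's code): MAESTRO L3 command injection in a
# SAST subagent, vulnerable and hardened side by side. "echo" stands in for the scanner
# binary; REPO_ROOT is hypothetical; MALICIOUS_NAME is a constructed attacker file name.
import subprocess
from pathlib import Path

REPO_ROOT = Path("/srv/repo")

# A file committed to the repository whose *name* carries a shell payload.
MALICIOUS_NAME = "a.py; echo INJECTED"


def vulnerable_scan_command(path: str) -> str:
    # BAD: interpolating an untrusted name into a shell line. Under shell=True the ';'
    # terminates the scanner invocation and whatever follows runs as the subagent.
    return f"echo scan {path}"


def run_vulnerable(path: str) -> str:
    return subprocess.run(vulnerable_scan_command(path), shell=True,
                          capture_output=True, text=True).stdout


def confine(repo_root: Path, path: str) -> Path:
    """Resolve `path` under the checkout and refuse anything that escapes it.

    Catches both '../' traversal and absolute paths (Path('/srv/repo') / '/etc/passwd'
    yields '/etc/passwd', which is then rejected).
    """
    root = repo_root.resolve()
    target = (root / path).resolve()
    if not target.is_relative_to(root):          # Python 3.9+
        raise ValueError(f"path escapes repository root: {path!r}")
    return target


def hardened_scan_command(repo_root: Path, path: str) -> list[str]:
    # GOOD: argv list, no shell. The file name reaches the scanner as one argument,
    # metacharacters and all, and the path has been confined to the repository.
    return ["echo", "scan", str(confine(repo_root, path))]


def run_hardened(repo_root: Path, path: str) -> str:
    return subprocess.run(hardened_scan_command(repo_root, path),
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(MALICIOUS_NAME)))      # second line "INJECTED"
    print("hardened:  ", repr(run_hardened(REPO_ROOT, MALICIOUS_NAME)))  # name is a literal
    try:
        hardened_scan_command(REPO_ROOT, "../../etc/passwd")
    except ValueError as exc:
        print("rejected:  ", exc)
```

The same pattern applies to any subagent step that shells out (dependency audits, container linters, autofix commands): build argv lists, never strings, and treat every value that came from the repository as attacker-controlled.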

L4 · Deployment & Infrastructure (✓ mapped)

Runs locally or in CI/CD environments via Claude Code. Threats include container/host compromise and privilege escalation if the plugin runs with elevated permissions to perform container hardening.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of built-in guardrails, logging, or evaluation frameworks to monitor the subagents' decisions or detect drift in vulnerability classifications.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Directly addresses OWASP Top 10 compliance and container hardening. Threats include policy bypass, false sense of security from incomplete scans, and lack of authorization controls over who can trigger automated code modifications.

L7 · Agent Ecosystem (✓ mapped)

Distributed via the claude-code-workflows marketplace and coordinates multiple subagents. Threats include marketplace supply chain attacks (compromised plugin updates) and cascading failures from rogue subagent interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).