
security-sweep — agentic threat model

AIVSS 8.8 · High

security-sweep operates as a local CLI plugin with deep access to source code and secrets, presenting a high-impact risk if compromised despite its security-focused design. Its primary risks stem from running in the highly privileged Claude Code environment without explicit sandboxing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 0.33
Factor sum: 2.2/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each weighted 0.0 to 1.0):

Autonomy of Action          0.30
Goal-Driven Planning        0.20
Self-Modification           0.00
Dynamic Tool Use            0.40
Persistent Memory           0.10
Contextual Awareness        0.40
Dynamic Identity            0.10
Multi-Agent Interactions    0.10
Non-Determinism             0.30
Opacity & Reflexivity       0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers that the public description did not pin down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The plugin relies on Claude Code's underlying LLM (likely Claude 3.5 Sonnet) for AI-specific vulnerability checks. Threats include prompt injection within scanned files that could manipulate the scanner's output or cause the model to ignore actual vulnerabilities.

L2 · Data Operations (✓ mapped)

The plugin directly accesses and processes local source code, configuration files, and potentially hardcoded secrets. Threats include data exfiltration of intellectual property or sensitive credentials if the plugin or its dependencies are compromised.

L3 · Agent Frameworks (✓ mapped)

As a Claude Code plugin, it integrates directly into the agent's tool-calling framework. Threats include insecure tool integration where malicious codebase inputs could exploit the plugin's parser, leading to command injection or unauthorized file reads within the parent framework.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The plugin runs locally within the user's terminal environment via Claude Code. Threats include local privilege escalation or unauthorized filesystem traversal if the execution environment lacks strict containerization or sandboxing.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, evaluation guardrails, or telemetry. This creates blind spots regarding what files were scanned and whether the scan results were tampered with or leaked.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — The plugin lacks explicit authentication, authorization, or policy enforcement mechanisms of its own, relying entirely on the host system's user permissions and Claude Code's configuration.

L7 · Agent Ecosystem (✓ mapped)

The plugin exists within the Claude Code plugin ecosystem. Threats include supply chain attacks, such as malicious updates to the open-source repository or dependency confusion, which could compromise the host agent and the developer's machine.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).