
SuperClaude Framework — agentic threat model

AIVSS 9.0 · Critical

SuperClaude Framework increases the attack surface of Claude Code by introducing a Python-based installer and a large, unverified command/persona configuration surface. Because it operates locally with filesystem and terminal access, compromised configurations or malicious slash commands pose a direct risk of arbitrary code execution on developer workstations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.4
AARS uplift: 0.62
Factor sum: 3.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.50
Goal-Driven Planning: 0.40
Self-Modification: 0.30
Dynamic Tool Use: 0.60
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
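The calculation behind the score above, written out as an added example (not code from the listing or from the SuperClaude project). It takes the ten factor values and the CVSS base exactly as listed, applies the two formulas, and reproduces the 0.62 uplift and the 9.0 result. The qualitative band function assumes AIVSS reuses the CVSS v3.x severity bands (None / Low / Medium / High / Critical), which the listing does not state explicitly; the clamp to 10 is a guard added here, not part of the published formula.

```python
"""Worked OWASP AIVSS calculation for the SuperClaude Framework listing.

Added example; it reproduces the listed score from the listed inputs:
  AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
  AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM
"""
from typing import Dict

# The ten agentic risk factors and their scores, copied from the listing.
AGENTIC_FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.50,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.30,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.40,
}

CVSS_BASE = 8.4          # CVSS base from the listing
THREAT_MULTIPLIER = 1.0  # "Threat x1.0" on the listing
MITIGATION_FACTOR = 1.0  # "Mitigation x1.0" on the listing


def factor_sum(factors: Dict[str, float]) -> float:
    """Sum of the ten factor scores; every factor must lie in [0, 1]."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())


def aars(cvss_base: float, factors: Dict[str, float],
         threat_multiplier: float = 1.0) -> float:
    """Agentic uplift: (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: Dict[str, float],
          threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> float:
    """(CVSS_Base + AARS) x Mitigation_Factor, clamped to the 0..10 scale.

    The clamp is a guard added in this example; with ThM and mitigation
    factors of at most 1.0 the formula already cannot exceed 10.
    """
    uplift = aars(cvss_base, factors, threat_multiplier)
    return max(0.0, min((cvss_base + uplift) * mitigation_factor, 10.0))


def severity(score: float) -> str:
    """Qualitative band. Assumption: AIVSS reuses the CVSS v3.x bands."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def listed_score() -> Dict[str, float]:
    """Recompute every number shown on the listing from its inputs."""
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    total = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    return {
        "factor_sum": round(factor_sum(AGENTIC_FACTORS), 2),  # 3.9
        "aars": round(uplift, 2),                             # 0.62
        "aivss": round(total, 1),                             # 9.0
    }


if __name__ == "__main__":
    result = listed_score()
    print(result, severity(result["aivss"]))
```

Because AARS scales the remaining headroom (10 − CVSS_Base) rather than adding a fixed bonus, a high CVSS base leaves little room for the agentic factors to move the number: here 3.9/10 of a 1.6 headroom yields only 0.62, and the same factor profile on a CVSS 5.0 base would add 1.95 instead. That is why the mitigation factor, not the factor table, is the lever that changes the band.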

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (not certain from listing)

Not certain from the listing — The framework relies on Claude Code's underlying foundation models (Anthropic Claude) and does not host or manage its own LLMs, though its cognitive personas heavily influence model alignment and behavior.

L2 · Data Operations (not certain from listing)

Not certain from the listing — There is no mention of dedicated vector databases, RAG pipelines, or data operations, though it writes configuration files directly to the local Claude Code directory.

L3 · Agent Frameworks (mapped)

The framework directly manipulates the agent orchestration layer by injecting custom slash commands and cognitive personas. This creates a large, non-standard instruction surface that could be exploited via prompt injection or malicious command definitions.

L4 · Deployment & Infrastructure (mapped)

The use of a Python-based installer to write directly into the local Claude Code configuration directory presents a significant deployment risk, potentially allowing local privilege escalation or arbitrary file writes if the installer is compromised.
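A defender's counterpart to the L3 and L4 findings above, as an added example that is not code from the listing or from the SuperClaude project: a baseline-and-diff integrity check over the directory of command and persona files that the installer writes and that the agent later reads. Record a SHA-256 manifest right after a trusted install, then re-run the check before each session; any added, removed or modified definition file is reported. The `CONFIG_DIR` path is an assumed placeholder, and `demo()` runs the whole cycle against a constructed temporary directory so the script works offline.

```python
"""Baseline-and-diff integrity check for an agent configuration directory.

Added example (not the listing's or the SuperClaude project's code). It
targets the L3/L4 risk: command and persona definition files being changed
after the trusted install, whether by a compromised installer or by a
later edit that injects instructions into a slash command.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumption: placeholder; point this at the real configuration directory.
CONFIG_DIR = Path("PLACEHOLDER/path/to/agent-config-dir")
MANIFEST_NAME = ".config-manifest.json"  # stored inside the watched tree


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large definition files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file (relative POSIX path) to its SHA-256.

    Symlinks are skipped on purpose: hashing a link target outside the
    tree would let a swapped target pass as an unchanged file.
    """
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if path.name == MANIFEST_NAME:
            continue
        manifest[path.relative_to(root).as_posix()] = sha256_of(path)
    return manifest


def save_manifest(root: Path, manifest: Dict[str, str]) -> None:
    (root / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(root: Path) -> Dict[str, str]:
    return json.loads((root / MANIFEST_NAME).read_text())


def diff_manifests(baseline: Dict[str, str],
                   current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as added, removed or modified relative to baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def check(root: Path) -> Dict[str, List[str]]:
    """Compare the tree against its saved baseline; all lists empty means clean."""
    return diff_manifests(load_manifest(root), build_manifest(root))


def is_clean(report: Dict[str, List[str]]) -> bool:
    return not any(report.values())


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: trusted install, baseline, then two changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "commands").mkdir()
        (root / "commands" / "review.md").write_text("Review the diff.\n")
        (root / "personas.md").write_text("# personas\n")
        save_manifest(root, build_manifest(root))       # trusted baseline
        assert is_clean(check(root))                    # nothing changed yet
        (root / "commands" / "review.md").write_text("Review the diff. Extra text.\n")
        (root / "commands" / "deploy.md").write_text("new command\n")
        return check(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest somewhere the installer cannot rewrite (or sign it) if you want the check to hold against a compromised installer rather than only against later edits; with the manifest inside the watched tree, as here, the baseline is only as trustworthy as the moment it was taken.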

L5 · Evaluation & Observability (not certain from listing)

Not certain from the listing — There are no explicit evaluation, logging, or guardrail mechanisms mentioned to monitor the execution or safety of the custom slash commands.

L6 · Security & Compliance (cross-cutting) (mapped)

The listing describes a free, open-source configuration tool and mentions no built-in enterprise security controls, access policies, or compliance frameworks.

L7 · Agent Ecosystem (not certain from listing)

Not certain from the listing — While it enhances Claude Code (an agentic CLI), there is no explicit multi-agent coordination or ecosystem marketplace integration described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).