
Reiki by Web3Go — agentic threat model

AIVSS 8.3 · High

Reiki by Web3Go presents a unique risk profile due to its integration of AI agent marketplaces with blockchain-based monetization and ownership. The primary threat vectors involve financial/IP theft via compromised marketplace agents, smart contract vulnerabilities, and the lack of visible sandboxing for user-deployed agents.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.29 · Factor sum 4.9/10 · Threat ×1.05 · Mitigation ×0.95

Autonomy of Action: 0.50
Goal-Driven Planning: 0.40
Self-Modification: 0.20
Dynamic Tool Use: 0.50
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.60
Multi-Agent Interactions: 0.70
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The specific foundation models utilized by Reiki are not disclosed. However, as a creator platform, it likely supports multiple third-party LLMs, exposing deployed agents to standard prompt injection, model alignment issues, and adversarial exploitation.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The mechanisms for data operations, vector storage, and RAG are not detailed. There is a risk of data poisoning or intellectual property leakage if creators upload proprietary datasets to train or ground their marketplace agents.

L3 · Agent Frameworks · ✓ mapped

Reiki provides pre-built components and customizable templates to orchestrate agent behavior. Vulnerabilities in these templates or insecure tool integrations could allow malicious users to hijack agent execution paths or abuse integrated APIs.

L4 · Deployment & Infrastructure · ✓ mapped

The platform hosts and deploys user-created agents. Without strict containerization and sandboxing, hosting user-generated agent code poses risks of privilege escalation, lateral movement, and infrastructure resource abuse.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrail systems to monitor agent behavior, detect drift, or prevent malicious outputs post-deployment.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Security controls heavily emphasize on-chain ownership proof to protect intellectual property. However, traditional enterprise security controls, access management (IAM), and regulatory compliance frameworks are not highlighted.

L7 · Agent Ecosystem · ✓ mapped

As an AI agent marketplace, the ecosystem layer is highly critical. Risks include the distribution of rogue or backdoored agents, trust abuse between interacting agents, and cascading failures if a widely integrated marketplace agent is compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.