AgentReadyHomeAgent ListingPricing

← ResearchClaw

ResearchClaw — agentic threat model

7.6AIVSS 7.6 · High

ResearchClaw presents moderate agentic risk primarily due to its automated outreach capabilities and reliance on external, untrusted academic data sources (arXiv, OpenAlex) which could be vectors for prompt injection. If compromised or manipulated via poisoned paper metadata, it could automate spam or malicious outreach, leading to reputational and compliance risks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3AARS uplift 1.33Factor sum 3.6/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.50
Self-Modification
0.00
Dynamic Tool Use
0.40
Persistent Memory
0.20
Contextual Awareness
0.50
Dynamic Identity
0.30
Multi-Agent Interactions
0.10
Non-Determinism
0.60
Opacity & Reflexivity
0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Uses LLMs to decompose plain English queries, generate hiring theses, and draft personalized cold emails. The primary threat is indirect prompt injection where malicious academic papers or metadata ingested from external sources manipulate the LLM's output, leading to rogue email generation or data exfiltration.

L2 · Data Operations✓ mapped

Ingests paper metadata from Semantic Scholar, arXiv, and OpenAlex, and utilizes vector stores for cosine similarity ranking. Threats include data poisoning (adversaries uploading papers with embedded prompt injections to manipulate rankings or hijack the LLM) and embedding inversion.

L3 · Agent Frameworks✓ mapped

Powered by the OpenClaw framework to orchestrate search, ranking, and email drafting. Vulnerabilities in the orchestration logic or insecure tool integration (e.g., outreach automation APIs, CSV export libraries) could allow attackers to execute unauthorized actions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — as an open-source tool, deployment is likely self-hosted or local. Risks depend heavily on the user's environment, including insecure storage of LLM/academic API keys and lack of sandboxing for CSV generation or outreach execution.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of built-in evaluation, monitoring, or guardrails to detect anomalous queries, biased ranking, or malicious email drafts before they are sent via outreach automation.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — processing researcher data and automating cold outreach introduces significant compliance risks (GDPR/CCPA for data scraping, CAN-SPAM/GDPR for automated emailing) which are not addressed in the public directory listing.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — while it integrates with external APIs and outreach tools, there is no explicit multi-agent coordination or marketplace interaction described that would introduce cascading ecosystem failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.