Skill Scanner — agentic threat model
Skill Scanner is a security-focused static and semantic analysis tool integrated into CI/CD pipelines. Its primary risk lies in its potential bypass or manipulation as a security gate, which could allow malicious agent skills to infiltrate production environments or compromise the CI/CD runner.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Uses LLM-assisted semantic review to analyze skills. This introduces risks of adversarial evasion, where a malicious skill is crafted specifically to bypass the LLM's semantic detection rules.
Layer 2 (Data Operations): Not certain from the listing — The tool processes local skill files, YAML, and code within a CI/CD workspace, but there is no mention of persistent databases, vector stores, or RAG operations.
Layer 3 (Agent Frameworks): The scanner parses agent framework configurations (OpenAI Codex, Cursor Agent Skills). Vulnerabilities in the parsing logic of these framework-specific formats could lead to parser exploits or denial of service.
Layer 4 (Deployment & Infrastructure): Designed for CI/CD environments (e.g., GitHub Actions). If the scanner is compromised or contains a remote code execution vulnerability, an attacker could escalate privileges to compromise the host runner or access repository secrets.
Layer 5 (Evaluation & Observability): Acts as an evaluation and guardrail tool by outputting SARIF reports. The primary threat is detection blind spots or false negatives in the YARA/dataflow engines that allow malicious skills to pass undetected.
Layer 6 (Security & Compliance): Enables automated security gating and compliance checks in software development lifecycles. However, the listing does not detail internal access controls or authentication mechanisms for the scanner itself.
Layer 7 (Agent Ecosystem): Directly addresses ecosystem risks by scanning third-party agent skills before deployment, mitigating the risk of cascading failures or malicious actions from untrusted marketplace skills.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.