AgentReadyHomeAgent ListingPricing

← WunderTrading AI Trading Bot

WunderTrading AI Trading Bot — agentic threat model

8.8AIVSS 8.8 · High

WunderTrading AI Trading Bot presents a high-risk profile due to its direct execution capabilities on live cryptocurrency exchanges. A compromise of the platform or connected LLM agents could lead to immediate financial loss through unauthorized trading, portfolio liquidation, or API key theft.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.1AARS uplift 0.66Factor sum 6.7/10Threat ×1.1Mitigation ×0.9
Autonomy of Action
0.90
Goal-Driven Planning
0.70
Self-Modification
0.10
Dynamic Tool Use
0.80
Persistent Memory
0.60
Contextual Awareness
0.80
Dynamic Identity
0.70
Multi-Agent Interactions
0.60
Non-Determinism
0.80
Opacity & Reflexivity
0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The platform allows users to connect external models like Claude or GPT via MCP/REST API. Threats include prompt injection leading to unauthorized trade execution, or adversarial market data manipulating the LLM's trading decisions.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The platform processes market data, sentiment feeds, and portfolio states. Threats include poisoning of sentiment data feeds or market signals, leading to bad automated trades.

L3 · Agent Frameworks✓ mapped

The platform acts as an execution framework connecting LLMs to exchanges via MCP and REST APIs. Threats include tool misuse (e.g., executing massive unintended trades), insecure API key handling, and prompt injection bypassing trading guardrails.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — As a closed-source SaaS platform connecting to external APIs, threats include exposure of exchange API keys stored in the infrastructure, and lack of sandboxing for custom execution scripts.

L5 · Evaluation & Observability✓ mapped

The platform provides paper trading for testing and validation. However, there is a threat of insufficient real-time guardrails or anomaly detection to halt runaway trading loops or anomalous API behavior in live environments.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The platform manages highly sensitive exchange API credentials. Threats include weak access controls, lack of multi-factor authentication for API actions, and non-compliance with financial custody regulations.

L7 · Agent Ecosystem✓ mapped

Designed to integrate with external AI agents and algorithmic systems via MCP. Threats include rogue external agents sending malicious trading signals, cascading failures across multi-agent copy-trading networks, and unauthorized agent-to-agent trust exploitation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.