AgentReadyHomeAgent Listing

← Accurate Period Calculator

Accurate Period Calculator — agentic threat model

2.6AIVSS 2.6 · Low

The Accurate Period Calculator exhibits extremely low agentic risk due to its lack of autonomy, persistent memory, and data storage. The primary risk is limited to potential misinformation or incorrect calculations if the underlying model or logic is manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 3.5AARS uplift 0.23Factor sum 0.4/10Threat ×0.9Mitigation ×0.7
Autonomy of Action
0.00
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.00
Contextual Awareness
0.10
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.10
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The listing does not specify if an LLM is used or if it is a purely deterministic algorithmic calculator. If an LLM is used for the interface, it could be vulnerable to prompt injection or misaligned outputs leading to incorrect medical advice.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — Since it states 'no data storage required' and '100% private', there is likely no persistent database or RAG vector store, minimizing data exfiltration or poisoning risks.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — It is unclear if an agentic framework is used or if it is a simple single-turn calculator. Tool misuse is low risk as it only calculates dates.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — No details on hosting or sandboxing are provided, but being open-source allows self-hosting, which shifts infrastructure security responsibilities to the deployer.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No mention of logging or guardrails, though the lack of data storage suggests minimal to no logging of user inputs to preserve privacy.

L6 · Security & Compliance (cross-cutting)✓ mapped

The tool is designed with privacy-by-design (no login, anonymous, no data storage), which aligns well with health data privacy principles (like GDPR data minimization), though it lacks formal compliance certifications.

L7 · Agent Ecosystem✓ mapped

This is a standalone horizontal tool with no multi-agent or ecosystem integration described, meaning zero risk of cascading agent-to-agent failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).