AgentKey — agentic threat model

AIVSS 8.4 · High

AgentKey acts as a high-exposure data gateway for developer-focused AI agents, introducing significant risk of data poisoning and indirect prompt injection from untrusted sources like social media and blockchain into sensitive IDE environments.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.88 · Factor sum 3.5/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
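As an added worked example (not code from this page, from AgentReadyHome, or from the OWASP AIVSS calculator), the Python below evaluates the formula above with AgentKey's listed factor values and reproduces the 8.4 shown. It keeps the arithmetic exact with Decimal, validates the inputs the formula silently assumes (ten factors, each in 0–1, a CVSS base in 0–10), and breaks AARS down per factor so a defender can see which listed capability drives the uplift (here Dynamic Tool Use at 0.70). The CVSS-style severity bands and the half-up rounding of displayed values are assumptions: the page states only the final "High" label, not how it was derived.

```python
from decimal import Decimal, ROUND_HALF_UP

# Agentic risk factors for AgentKey exactly as listed on this page (0.0-1.0 each).
AGENTKEY_FACTORS = {
    "Autonomy of Action": "0.30",
    "Goal-Driven Planning": "0.10",
    "Self-Modification": "0.00",
    "Dynamic Tool Use": "0.70",
    "Persistent Memory": "0.10",
    "Contextual Awareness": "0.60",
    "Dynamic Identity": "0.40",
    "Multi-Agent Interactions": "0.50",
    "Non-Determinism": "0.50",
    "Opacity & Reflexivity": "0.30",
}


def aivss_score(cvss_base, factors, threat_multiplier="1.0", mitigation_factor="1.0"):
    """Exact (Decimal) evaluation of the canonical AIVSS formula:
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    """
    cvss = Decimal(cvss_base)
    if not Decimal(0) <= cvss <= Decimal(10):
        raise ValueError("CVSS base score must lie in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS defines ten agentic risk factors")
    values = {name: Decimal(v) for name, v in factors.items()}
    for name, v in values.items():
        if not Decimal(0) <= v <= Decimal(1):
            raise ValueError(f"factor {name!r} must lie in [0, 1]")
    factor_sum = sum(values.values(), Decimal(0))
    aars = (Decimal(10) - cvss) * (factor_sum / Decimal(10)) * Decimal(threat_multiplier)
    aivss = (cvss + aars) * Decimal(mitigation_factor)
    return {"cvss_base": cvss, "factor_sum": factor_sum, "aars": aars, "aivss": aivss}


def uplift_by_factor(cvss_base, factors, threat_multiplier="1.0"):
    """Each factor's share of AARS (the formula weights all ten equally), largest first.
    Shows which agentic capability in the listing contributes most to the uplift."""
    headroom = Decimal(10) - Decimal(cvss_base)
    thm = Decimal(threat_multiplier)
    shares = {name: headroom * (Decimal(v) / Decimal(10)) * thm for name, v in factors.items()}
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)


def severity(score):
    """Qualitative band. ASSUMPTION: CVSS-style bands; the page only shows the 'High' label."""
    s = Decimal(score)
    if s >= Decimal("9.0"):
        return "Critical"
    if s >= Decimal("7.0"):
        return "High"
    if s >= Decimal("4.0"):
        return "Medium"
    if s > Decimal(0):
        return "Low"
    return "None"


def rounded(value, places):
    """Display rounding. ASSUMPTION: half-up, which matches the 0.88 and 8.4 shown."""
    return str(Decimal(value).quantize(Decimal(1).scaleb(-places), rounding=ROUND_HALF_UP))


def report(cvss_base, factors, threat_multiplier="1.0", mitigation_factor="1.0"):
    """The values the listing displays, as strings, plus the assumed severity band."""
    r = aivss_score(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "cvss_base": rounded(r["cvss_base"], 1),
        "factor_sum": rounded(r["factor_sum"], 1),
        "aars": rounded(r["aars"], 2),
        "aivss": rounded(r["aivss"], 1),
        "severity": severity(r["aivss"]),
    }


if __name__ == "__main__":
    for key, value in report("7.5", AGENTKEY_FACTORS).items():
        print(f"{key}: {value}")
    print("AARS uplift by factor:")
    for name, share in uplift_by_factor("7.5", AGENTKEY_FACTORS):
        print(f"  {name:<26} +{share}")
```

Running it prints the page's numbers (factor sum 3.5, AARS 0.88, AIVSS 8.4, High). Because AARS is bounded by 10 − CVSS_Base, the agentic uplift can never push a score past 10; lowering Mitigation_Factor is the only term that reduces the score, which is why the listing's ×1.0 (no credited mitigations) matters as much as the factor values themselves.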

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — AgentKey is an MCP server (middleware/gateway) and does not host or define the foundation model itself; it connects external IDE agents (Claude Code, Cursor, Windsurf) to data sources.

L2 · Data Operations · ✓ mapped

Acts as a data gateway connecting agents to web search, X, Reddit, YouTube, and blockchain data. Threats include data poisoning from these untrusted external sources, data exfiltration via the gateway, and lack of data provenance/lineage for the retrieved real-time data.

L3 · Agent Frameworks · ✓ mapped

Integrates with Claude Code, Cursor, and Windsurf via MCP. Threats include insecure tool integration, tool misuse (e.g., executing malicious payloads retrieved from blockchain or social media), and lack of input validation on the MCP tool parameters.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the deployment model (local MCP server vs. hosted gateway) is not fully specified, though the listing mentions 'single installation' and 'pay-as-you-go pricing', suggesting a hybrid or cloud-hosted API gateway component. Threats include exposed API keys, credential theft for the data sources, and lack of sandboxing for the MCP server process.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No mention of built-in logging, guardrails, or evaluation metrics for the data flowing through the MCP server.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — No explicit mention of authentication, authorization, or compliance standards (like SOC2) for managing access to the data sources or the pay-as-you-go billing system.

L7 · Agent Ecosystem · ✓ mapped

High relevance. It is a unified interface for agent connectivity (A2A/A2System), enabling IDE agents (Claude Code, Cursor) to interact with external ecosystems (social media, blockchain). Threats include cascading failures if the gateway is compromised, and malicious agents abusing the gateway to spam or scrape platforms.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).