agntk — agentic threat model

AIVSS 9.6 · Critical

agntk presents a high-risk profile due to its local execution model, persistent named agents, and 20+ built-in tools running directly on host hardware, which can lead to host compromise if malicious prompts are processed.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Score inputs:
  CVSS base: 8.8
  AARS uplift: 0.78
  Factor sum: 5.9 / 10
  Threat multiplier (ThM): ×1.1
  Mitigation factor: ×1.0

Agentic risk factors:
  Autonomy of Action: 0.80
  Goal-Driven Planning: 0.70
  Self-Modification: 0.30
  Dynamic Tool Use: 0.90
  Persistent Memory: 0.80
  Contextual Awareness: 0.70
  Dynamic Identity: 0.20
  Multi-Agent Interactions: 0.40
  Non-Determinism: 0.60
  Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
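Worked check of the score above, added here as an example and not part of the original listing: it transcribes the page's AIVSS formula and the ten factor values into Python and reproduces the 5.9 factor sum, the 0.78 AARS uplift and the 9.6 score. The qualitative severity bands are assumed to be the CVSS v3.x ones, which is what the page's "Critical" label implies.

```python
# Added example: reproduces the OWASP AIVSS computation shown on this page for agntk.
# Inputs (CVSS base, threat multiplier, mitigation factor, factor scores) are the
# page's values; the severity bands below are an assumption (CVSS v3.x bands).

CVSS_BASE = 8.8
THREAT_MULTIPLIER = 1.1    # ThM, "Threat ×1.1" on the page
MITIGATION_FACTOR = 1.0    # "Mitigation ×1.0" on the page

# The ten agentic risk factors exactly as listed on the page.
AGNTK_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.30,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.80,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Sum of the agentic risk factors (the page reports 5.9 / 10)."""
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, per the page's formula."""
    return (10 - cvss_base) * (factor_sum(factors) / 10) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, per the page's formula."""
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor


def severity(score):
    """Qualitative band; assumed to follow the CVSS v3.x rating scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "None"


if __name__ == "__main__":
    score = aivss(CVSS_BASE, AGNTK_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"factor sum {factor_sum(AGNTK_FACTORS):.1f}, "
          f"AARS {aars(CVSS_BASE, AGNTK_FACTORS, THREAT_MULTIPLIER):.2f}, "
          f"AIVSS {score:.1f} ({severity(score)})")
```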

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Utilizes local models with hardware-aware selection. Threats include model reprogramming and adversarial prompt injection that can bypass local safety alignments, especially when executing local CLI commands.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely interacts with local files and codebase context as a Claude Code plugin. Gaps in data lineage or lack of input sanitization could allow local data exfiltration or poisoning of the agent's context.

L3 · Agent Frameworks (✓ mapped)

Features persistent named agents and 20+ built-in tools. High risk of tool misuse, insecure tool integration, and prompt injection leading to arbitrary local command execution via the CLI framework.

L4 · Deployment & Infrastructure (✓ mapped)

Runs locally as a CLI tool/plugin. Lacks built-in sandboxing or containerization by default, making host compromise, privilege escalation, and lateral movement highly plausible if the agent is compromised.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no explicit mention of local logging, guardrails, or evaluation frameworks to detect anomalous tool execution or malicious command drift.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Being an open-source, zero-config local CLI tool, it lacks centralized identity, authorization policies, or audit trails, relying entirely on the host user's operating system permissions.

L7 · Agent Ecosystem (✓ mapped)

Operates as a Claude Code plugin/toolkit. Risks include cascading failures or trust abuse if integrated with other upstream developer agents or external package ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).