Aider Companion (JetBrains) — agentic threat model

AIVSS 7.0 · High

Aider Companion acts as a local bridge exposing IDE state via an unauthenticated REST server, presenting a low-autonomy but high-exposure local network attack surface that could leak sensitive file paths and source code context.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 0.51 · Factor sum 1.4/10 · Threat ×1.05 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.00
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.80
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.40
Non-Determinism: 0.00
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models [⚠ not certain from listing]

Not certain from the listing — The plugin itself does not bundle or run a foundation model; it merely exposes local IDE context to external LLM clients like Aider. Model-level threats depend entirely on the external Aider configuration.

L2 · Data Operations [✓ mapped]

The plugin directly handles active data operations by reading and exposing the list of currently open files in the IDE. The primary threat is unauthorized data exfiltration of sensitive source code paths and active context to unauthorized local network actors.

L3 · Agent Frameworks [⚠ not certain from listing]

Not certain from the listing — This plugin acts as a passive context provider rather than an active agent framework. Framework-level threats (such as insecure tool execution or planning loops) reside in the external Aider CLI tool, not this companion plugin.

L4 · Deployment & Infrastructure [✓ mapped]

The core risk lies in this layer: the plugin stands up a local HTTP REST server. If it binds to all interfaces (0.0.0.0) without restriction, it exposes the developer's active file paths and workspace structure to the local network, enabling lateral reconnaissance.

L5 · Evaluation & Observability [⚠ not certain from listing]

Not certain from the listing — There is no mention of built-in logging, request auditing, or telemetry to monitor which local clients are querying the REST endpoint for open-file context.

L6 · Security & Compliance (cross-cutting) [✓ mapped]

The plugin lacks apparent authentication or authorization mechanisms for its local REST server, creating a compliance and security gap regarding access control to local workspace metadata.

L7 · Agent Ecosystem [✓ mapped]

Exhibits basic ecosystem interaction by acting as a dedicated context bridge for the Aider agent. A compromised or malicious local agent could abuse this endpoint to silently track developer activity and open files.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).