AiderDesk Connector (IntelliJ) — agentic threat model
The AiderDesk Connector is a low-autonomy integration plugin that exposes developer context (open files) over a local WebSocket. Its primary security risks stem from local network exposure, potential lack of WebSocket authentication, and the passive exfiltration of sensitive codebase metadata.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.10 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — This connector is a telemetry and state-reporting plugin and does not directly host or run foundation models; model-related threats like adversarial examples or poisoning apply to the connected AiderDesk app rather than this plugin.
Layer 2 (Data Operations): The plugin tracks and transmits active IDE open-file states. The primary threat is unauthorized exfiltration or sniffing of sensitive file paths and active code context via the unencrypted local WebSocket.
Layer 3 (Agent Frameworks): The plugin acts as a state provider for the AiderDesk framework. Insecure integration or lack of validation on the WebSocket connection could allow a malicious local process to spoof file states or hijack the context stream.
Layer 4 (Deployment and Infrastructure): The plugin binds to a local WebSocket port (24337) and auto-starts with the IDE. Threats include local port hijacking, lack of origin checks on the WebSocket, and potential cross-site WebSocket hijacking (CSWSH) if not properly bound to localhost.
Layer 5 (Evaluation and Observability): Not certain from the listing — There is no mention of built-in logging, guardrails, or telemetry monitoring for the WebSocket connection, creating potential blind spots if the connection is abused.
Layer 6 (Security and Compliance): Not certain from the listing — The plugin lacks explicit authentication or authorization mechanisms for the WebSocket connection, raising compliance concerns regarding intellectual property exposure.
Layer 7 (Agent Ecosystem): The plugin establishes a direct agent-to-agent (or tool-to-agent) trust relationship with AiderDesk. A compromise of the AiderDesk desktop application could allow it to abuse this connector to monitor developer activity.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
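The origin-check, CSWSH and localhost-binding concerns raised for the port 24337 listener can be expressed as a handshake gate. The sketch below is an added example, not the plugin's or AiderDesk's code; the function names, the request path and the assumption that the legitimate desktop client sends no `Origin` header are hypothetical.

```python
from ipaddress import ip_address

PORT = 24337  # port named in the listing
ALLOWED_HOSTS = {f"127.0.0.1:{PORT}", f"localhost:{PORT}", f"[::1]:{PORT}"}
# Assumption: a native desktop client sends no Origin; browser pages always do.
ALLOWED_ORIGINS = set()

def parse_headers(raw):
    """Collect header values per lowercase name, keeping duplicates visible."""
    headers = {}
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_upgrade(raw, peer_ip):
    """Return (accept, reason) for a WebSocket handshake on the local listener."""
    if not ip_address(peer_ip).is_loopback:
        return False, "peer is not loopback (listener bound too widely)"
    h = parse_headers(raw)
    if [v.lower() for v in h.get("upgrade", [])] != ["websocket"]:
        return False, "not a websocket upgrade"
    hosts = h.get("host", [])
    if len(hosts) != 1 or hosts[0].lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host (DNS rebinding guard)"
    origins = h.get("origin", [])
    if origins and (len(origins) > 1 or origins[0] not in ALLOWED_ORIGINS):
        return False, "browser Origin not allowlisted (CSWSH guard)"
    return True, "ok"

def sample_request(host, origin=None):
    """Constructed handshake for the demo; not captured from the plugin."""
    lines = ["GET / HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", "Sec-WebSocket-Version: 13",
             "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=="]
    if origin:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

if __name__ == "__main__":
    local = f"127.0.0.1:{PORT}"
    print(check_upgrade(sample_request(local), "127.0.0.1"))
    print(check_upgrade(sample_request(local, "https://example.test"), "127.0.0.1"))
    print(check_upgrade(sample_request(f"rebind.example.test:{PORT}"), "127.0.0.1"))
    print(check_upgrade(sample_request(local), "192.168.1.20"))
```

A gate like this narrows browser-driven access only; another local process can still connect without an `Origin` header, which is why the missing authentication noted under Layer 6 remains a separate concern.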