AiderDesk Connector (IntelliJ) — agentic threat model

AIVSS 5.2 · Medium

The AiderDesk Connector is a low-autonomy integration plugin that exposes developer context (open files) over a local WebSocket. Its primary security risks stem from local network exposure, potential lack of WebSocket authentication, and the passive exfiltration of sensitive codebase metadata.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 5.3 · AARS uplift 0.52 · Factor sum 1.1/10 · Threat ×1.0 · Mitigation ×0.9

Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.30
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — This connector is a telemetry and state-reporting plugin and does not directly host or run foundation models; model-related threats like adversarial examples or poisoning apply to the connected AiderDesk app rather than this plugin.

L2 · Data Operations ✓ mapped

The plugin tracks and transmits active IDE open-file states. The primary threat is unauthorized exfiltration or sniffing of sensitive file paths and active code context via the unencrypted local WebSocket.

L3 · Agent Frameworks ✓ mapped

The plugin acts as a state provider for the AiderDesk framework. Insecure integration or lack of validation on the WebSocket connection could allow a malicious local process to spoof file states or hijack the context stream.

L4 · Deployment & Infrastructure ✓ mapped

The plugin binds to a local WebSocket port (24337) and auto-starts with the IDE. Threats include local port hijacking, lack of origin checks on the WebSocket, and potential cross-site WebSocket hijacking (CSWSH) if not properly bound to localhost.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, guardrails, or telemetry monitoring for the WebSocket connection, creating potential blind spots if the connection is abused.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The plugin lacks explicit authentication or authorization mechanisms for the WebSocket connection, raising compliance concerns regarding intellectual property exposure.

L7 · Agent Ecosystem ✓ mapped

The plugin establishes a direct agent-to-agent (or tool-to-agent) trust relationship with AiderDesk. A compromise of the AiderDesk desktop application could allow it to abuse this connector to monitor developer activity.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).