
AiderDesk Connector (VS Code) — agentic threat model

AIVSS 7.0 · High

The AiderDesk Connector poses a moderate security risk primarily due to its zero-config local WebSocket connection (port 24337) which streams sensitive workspace file paths without explicit authentication, potentially exposing local development context to unauthorized local processes or cross-origin attacks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.5
AARS uplift: 0.49
Factor sum: 1.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action          0.10
Goal-Driven Planning        0.00
Self-Modification           0.00
Dynamic Tool Use            0.10
Persistent Memory           0.00
Contextual Awareness        0.60
Dynamic Identity            0.00
Multi-Agent Interactions    0.40
Non-Determinism             0.10
Opacity & Reflexivity       0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
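The score above, re-derived from the page's own factor table. This is an added worked example, not code from the AgentReady listing or from the OWASP AIVSS calculator; it implements the formula as stated on the page and assumes the CVSS v3.x severity bands for the qualitative label (the page only shows that 7.0 is "High").

```python
"""Worked AIVSS calculation for the AiderDesk Connector listing.

Added example; this is not code from the AgentReady page or from the OWASP
AIVSS calculator. It implements the formula the page states,

    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

and re-derives the page's 0.49 uplift and 7.0 score from its factor table.
The severity bands are assumed to follow the CVSS v3.x bands; the page only
shows that 7.0 maps to "High".
"""

# The ten agentic risk factors exactly as listed on the page (each 0.0..1.0).
AIDERDESK_FACTORS = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.00,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.10,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.10,
    "Opacity & Reflexivity": 0.10,
}

AIDERDESK_CVSS_BASE = 6.5  # from the page


def factor_sum(factors: dict[str, float]) -> float:
    """Sum the ten factors; reject a wrong count or any value outside 0..1."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 AIVSS factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return round(sum(factors.values()), 2)


def aars(cvss_base: float, factors: dict[str, float], thm: float = 1.0) -> float:
    """Agentic risk uplift: the headroom above CVSS_Base, scaled by the factor sum."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base out of range: {cvss_base}")
    return round((10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm, 2)


def aivss(cvss_base: float, factors: dict[str, float],
          thm: float = 1.0, mitigation: float = 1.0) -> float:
    """Final score, rounded to one decimal the way the listing reports it."""
    return round((cvss_base + aars(cvss_base, factors, thm)) * mitigation, 1)


def severity(score: float) -> str:
    """Qualitative band (assumed CVSS v3.x bands; not stated on the page)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def dominant_factors(factors: dict[str, float], top: int = 3) -> list[str]:
    """Names of the factors contributing most to the uplift, highest first."""
    ranked = sorted(factors.items(), key=lambda kv: kv[1], reverse=True)
    return [name for name, value in ranked[:top] if value > 0.0]


if __name__ == "__main__":
    score = aivss(AIDERDESK_CVSS_BASE, AIDERDESK_FACTORS)
    print(f"AARS uplift : {aars(AIDERDESK_CVSS_BASE, AIDERDESK_FACTORS)}")
    print(f"AIVSS       : {score} ({severity(score)})")
    print(f"Driven by   : {', '.join(dominant_factors(AIDERDESK_FACTORS))}")
    # Effect of a partial mitigation factor (e.g. after adding authentication):
    print(f"With M=0.8  : {aivss(AIDERDESK_CVSS_BASE, AIDERDESK_FACTORS, mitigation=0.8)}")
```

Running it reproduces the listing's 0.49 uplift and 7.0 score, and shows that Contextual Awareness and Multi-Agent Interactions carry most of the uplift, which is consistent with the L2 and L7 findings below.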

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the connector is a VS Code extension client and does not directly run or configure foundation models, though the downstream AiderDesk agent it connects to does.

L2 · Data Operations · ✓ mapped

Streams real-time open-file paths and workspace context. The primary risk is data exfiltration or exposure of sensitive file paths and contents to unauthorized local listeners.

L3 · Agent Frameworks · ✓ mapped

Acts as a context-gathering tool for the AiderDesk framework. Vulnerabilities in the extension's file-tracking logic could be exploited to map the host file system.

L4 · Deployment & Infrastructure · ✓ mapped

Opens a local WebSocket on port 24337 with zero-config auto-connect. This introduces risks of Cross-Site WebSocket Hijacking (CSWSH) or local port binding abuse by other malicious processes on the same machine.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of logging, connection auditing, or guardrails to restrict which file paths can be transmitted over the WebSocket.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Lacks explicit authentication or authorization mechanisms because of its 'zero-config auto-connect' design, so it never verifies whether the entity connecting to port 24337 is the legitimate AiderDesk application.
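The checks that the L4 and L6 entries say are missing, shown as an added example that is not AiderDesk's or AgentReady's code. A local agent endpoint that accepts WebSocket clients can refuse a handshake before any workspace data flows by applying an Origin policy (the CSWSH control), a loopback-only Host check and a shared token. The X-Agent-Token header, the /ws path, the token scheme and the sample requests are assumptions constructed for this example; the port number is the one the listing gives.

```python
"""Handshake gatekeeper for a local agent WebSocket endpoint.

Added example, not AiderDesk's own code. The listing says the connector's
port-24337 WebSocket auto-connects with no authentication and is exposed to
Cross-Site WebSocket Hijacking (CSWSH). This shows the checks a local
endpoint would apply to the HTTP Upgrade request before accepting a client:
an Origin policy, a loopback Host check and a shared token. The header name
X-Agent-Token, the token scheme, the /ws path and the sample requests are
assumptions constructed for the example.
"""
import hmac
from urllib.parse import urlsplit

# Assumed: the desktop app and the extension read this from a file only the
# user can access. Constructed placeholder value, not a real secret.
SHARED_TOKEN = "example-token-not-a-real-secret"
LOOPBACK_HOSTS = frozenset({"127.0.0.1", "::1", "localhost"})


def parse_upgrade_request(raw: str) -> tuple[str, dict[str, str]]:
    """Split an HTTP/1.1 request into its request line and a lower-cased header map."""
    lines = raw.split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def evaluate_handshake(raw: str, token: str = SHARED_TOKEN,
                       allowed_origins: frozenset = frozenset()) -> tuple[bool, str]:
    """Return (accept, reason) for one Upgrade request.

    Browsers always send Origin on a WebSocket handshake; a native client
    (extension host, desktop app) normally does not. An Origin that is not
    explicitly allow-listed therefore means a web page is reaching for the
    local port, which is the CSWSH case, so it is refused before the token
    is even looked at.
    """
    request_line, headers = parse_upgrade_request(raw)
    if not request_line.startswith("GET "):
        return False, "websocket handshakes are GET requests"
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"

    origin = headers.get("origin")
    if origin is not None and origin not in allowed_origins:
        return False, f"origin not allowed: {origin}"

    # Loopback-only: the socket should never be reached through another hostname.
    host = urlsplit("//" + headers.get("host", "")).hostname or ""
    if host not in LOOPBACK_HOSTS:
        return False, f"non-loopback host header: {host!r}"

    # Shared token, compared in constant time so a wrong value leaks no timing.
    presented = headers.get("x-agent-token", "")
    if not hmac.compare_digest(presented.encode(), token.encode()):
        return False, "missing or wrong token"
    return True, "accepted"


def _request(extra_headers: str) -> str:
    """Build a constructed Upgrade request with the given extra header lines."""
    return ("GET /ws HTTP/1.1\r\n"
            "Host: 127.0.0.1:24337\r\n"
            "Upgrade: websocket\r\n"
            "Connection: Upgrade\r\n"
            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            "Sec-WebSocket-Version: 13\r\n"
            + extra_headers + "\r\n")


# Constructed sample requests covering the accept case and three refusals.
NATIVE_CLIENT = _request(f"X-Agent-Token: {SHARED_TOKEN}\r\n")
BROWSER_PAGE = _request("Origin: https://third-party.example\r\n")
WRONG_TOKEN = _request("X-Agent-Token: guess\r\n")
REMOTE_HOST = NATIVE_CLIENT.replace("Host: 127.0.0.1:24337", "Host: dev-box.example:24337")

if __name__ == "__main__":
    for label, req in [("native client", NATIVE_CLIENT), ("browser page", BROWSER_PAGE),
                       ("wrong token", WRONG_TOKEN), ("remote host", REMOTE_HOST)]:
        print(f"{label:13s} -> {evaluate_handshake(req)}")
```

The order of the checks matters: the Origin and Host tests run before the token comparison, so a browser-driven request is refused without ever touching the secret, and a missing token is reported only for connections that already look like a local native client.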

L7 · Agent Ecosystem · ✓ mapped

Establishes a direct agent-to-extension trust relationship. A compromised local agent or a malicious process masquerading as AiderDesk can abuse this trust to silently harvest workspace metadata.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).