
Aikido Claude Plugin (Aikido MCP) — agentic threat model

AIVSS 7.2 · High

The Aikido Claude Plugin presents a moderate security risk, driven by two things: read access to local source code, and an Aikido API token used to reach Aikido's cloud services. Although the plugin is itself a security tool, it runs as an MCP server attached to Claude Code, so a compromise of the host agent (for example through prompt injection) could turn it into a channel for source-code exfiltration or API-token abuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

Inputs for this agent:
CVSS base: 7.5
AARS uplift: 0.45
Factor sum: 1.8 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Substituting: AARS = (10 − 7.5) × (1.8 / 10) × 1.0 = 0.45, and AIVSS = (7.5 + 0.45) × 0.9 = 7.155, reported as 7.2.

Agentic risk factors (sum 1.8):
Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.00
Contextual Awareness: 0.30
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.20
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
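The formula above, carried through in Python as an added worked example (this is not code from the listing, from Aikido, or from the AIVSS calculator). The factor weights are the ones listed on this page; the mapping from a numeric score to a qualitative band is an assumption that AIVSS reuses the CVSS v3.x scale (7.0 to 8.9 is High). The function also checks the inputs so a typo in a factor weight or base score is caught rather than silently producing a plausible-looking number.

```python
from typing import Dict, Tuple

# Agentic risk factors exactly as listed on this page (the AARS inputs).
FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.20,
    "Opacity & Reflexivity": 0.20,
}


def qualitative(score: float) -> str:
    """Map a 0..10 score to a severity band.

    Assumption: AIVSS reuses the CVSS v3.x qualitative scale
    (Low < 4.0, Medium < 7.0, High < 9.0, else Critical).
    """
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def aivss(cvss_base: float,
          factors: Dict[str, float],
          threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> Tuple[float, float, float, str]:
    """Return (AARS, factor_sum, AIVSS score, band) using the page's formula:

        AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
        AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    for name, weight in factors.items():
        if not 0.0 <= weight <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {weight}")
    if not 0.0 < mitigation_factor <= 1.0:
        raise ValueError("mitigation factor must be in (0, 1]")
    if threat_multiplier <= 0.0:
        raise ValueError("threat multiplier must be positive")

    factor_sum = sum(factors.values())          # at most 10 for ten factors
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    raw = (cvss_base + aars) * mitigation_factor
    score = min(10.0, round(raw, 1))            # AIVSS is reported to one decimal
    return round(aars, 2), round(factor_sum, 2), score, qualitative(score)


if __name__ == "__main__":
    aars, fsum, score, band = aivss(7.5, FACTORS, threat_multiplier=1.0, mitigation_factor=0.9)
    print(f"factor sum {fsum}, AARS {aars}, AIVSS {score} ({band})")
```

Running it with the page's inputs reproduces the listing's numbers: factor sum 1.8, AARS 0.45, AIVSS 7.2, High. Because the mitigation factor multiplies the whole score, dropping it back to 1.0 (no mitigation credit) lifts the result above the page's figure, which is why the mitigation estimate deserves as much scrutiny as the factor weights.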

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" are general, caveated commentary where the public description does not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing. The plugin relies on Claude Code's underlying foundation model (e.g., Claude 3.5 Sonnet). Threats include prompt injection, for instance instructions planted in a comment of the code being scanned, that persuades the model to skip the scan, suppress a finding, or explain Aikido's findings away.

L2 · Data Operations (✓ mapped)

The plugin reads local source code files to perform scans. Threats include unauthorized exfiltration of sensitive source code, and exposure of hardcoded secrets (credentials, keys, tokens) that travel with the code when it is sent to Aikido's APIs.

L3 · Agent Frameworks (✓ mapped)

Integrates via the Model Context Protocol (MCP) with Claude Code. Threats include insecure tool integration: the tool's arguments (which files or paths to scan) are chosen by the model, so Claude Code could be manipulated via prompt injection into sending arbitrary files or sensitive system data to the Aikido API tool.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing. The MCP server runs locally alongside Claude Code, communicating with Aikido's cloud backend. Threats include insecure local storage of the Aikido API token (for example a world-readable config file) and interception of local MCP traffic, which applies only if the server is exposed over a local network socket rather than stdio.
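The L2, L3 and L4 threats above (arbitrary file reads steered by the model, secrets riding along with scanned code, and a loosely stored API token) share one host-side mitigation: the tool, not the model, decides what may be read and where the credential comes from. The following is an added illustration of those checks in Python; it is not Aikido's code and makes no claim about how the real plugin behaves. The environment variable name, the deny lists and the temporary workspace it builds are all hypothetical, constructed for the example.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Hypothetical deny lists: files and directories a scan tool should never
# forward to a remote scanner, even when they sit inside the workspace.
DENY_NAMES = {".env", ".npmrc", ".pypirc", "id_rsa", "id_ed25519"}
DENY_DIRS = {".git", ".ssh", ".aws"}


def allowed_scan_path(workspace: Path, requested: str) -> Optional[str]:
    """Return None if `requested` may be read for scanning, else a refusal reason.

    The path is resolved (symlinks and '..' included) *before* the containment
    check, so a link pointing outside the workspace, a traversal segment, or an
    absolute path supplied by the model cannot pull in arbitrary host files.
    """
    root = workspace.resolve()
    target = (root / requested).resolve()        # absolute `requested` replaces root; caught below
    if root not in target.parents:
        return "outside workspace"
    rel = target.relative_to(root)
    if any(part in DENY_DIRS for part in rel.parts[:-1]):
        return "denied directory"
    if rel.name in DENY_NAMES:
        return "denied file"
    if not target.is_file():
        return "not a regular file"
    return None


def load_api_token(env_var: str = "EXAMPLE_SCANNER_TOKEN",
                   token_file: Optional[Path] = None) -> str:
    """Prefer the environment; fall back to a file only if it is owner-only (no group/other bits).

    `env_var` is a hypothetical name for this example, not Aikido's real setting.
    """
    token = os.environ.get(env_var)
    if token:
        return token.strip()
    if token_file is not None and token_file.is_file():
        mode = stat.S_IMODE(token_file.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{token_file} is readable by group/other (mode {oct(mode)})")
        return token_file.read_text().strip()
    raise RuntimeError("no API token configured")


def demo() -> Dict[str, Optional[str]]:
    """Build a constructed workspace in a temp dir and exercise both guards."""
    with tempfile.TemporaryDirectory() as tmp_name:
        tmp = Path(tmp_name)
        ws = tmp / "project"
        (ws / "src").mkdir(parents=True)
        (ws / "src" / "app.py").write_text("print('hello')\n")          # legitimate source
        (ws / ".env").write_text("DB_PASSWORD=hunter2\n")                # secret inside workspace
        (tmp / "outside.txt").write_text("host secret\n")                # file outside workspace
        (ws / "link").symlink_to(tmp / "outside.txt")                    # symlink escaping workspace
        token_file = tmp / "token"
        token_file.write_text("tok_example\n")
        token_file.chmod(0o644)                                          # too permissive

        results: Dict[str, Optional[str]] = {
            "src": allowed_scan_path(ws, "src/app.py"),
            "dotenv": allowed_scan_path(ws, ".env"),
            "traversal": allowed_scan_path(ws, "../outside.txt"),
            "symlink": allowed_scan_path(ws, "link"),
            "absolute": allowed_scan_path(ws, str(tmp / "outside.txt")),
        }
        try:
            load_api_token("EXAMPLE_UNSET_VAR_FOR_DEMO", token_file)
            results["loose_token"] = "accepted"
        except PermissionError:
            results["loose_token"] = "rejected"
        token_file.chmod(0o600)                                          # owner-only: acceptable
        results["strict_token"] = load_api_token("EXAMPLE_UNSET_VAR_FOR_DEMO", token_file)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'allowed' if outcome is None else outcome}")
```

Only `src/app.py` passes; the `.env` file, the `../` traversal, the escaping symlink and the absolute path are all refused, and the token is accepted only after its mode is tightened to 0600. A guard like this belongs in the MCP server itself, because a restriction expressed only in the system prompt is exactly what a prompt injection overrides.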

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing. The plugin is designed to observe and evaluate code for vulnerabilities, but the listing gives no detail on how its own operations, API calls and scan failures are logged or monitored, so anomalies such as an unusual volume of files sent to the API may go unnoticed.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Relies on an Aikido API token for authentication. Compliance risks involve sending proprietary source code to a third-party SaaS (Aikido) for scanning, which may violate strict data-residency or privacy policies.

L7 · Agent Ecosystem (✓ mapped)

Operates as an MCP tool within the Claude Code ecosystem. A compromise of Claude Code or of another active MCP tool could allow an attacker to drive the Aikido tool, potentially leaking code or exhausting API quotas.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).