Aikido Claude Plugin (Aikido MCP) — agentic threat model
The Aikido Claude Plugin presents a moderate security risk, centered on its read access to local source code and on the API token it uses to reach Aikido's external services. Although it is itself a security tool, its MCP integration means that a compromise of the host agent (Claude Code) could lead to source-code exfiltration or abuse of the API token.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.30 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.40 | |
| Persistent Memory | 0.00 | |
| Contextual Awareness | 0.30 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.20 | |
| Opacity & Reflexivity | 0.20 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); the agentic risk factors above are estimates derived from the agent's described capabilities rather than from measurement.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers marked "Not certain from the listing" carry general, caveated commentary where the public description did not pin down that layer.
Layer 1, Foundation Models: Not certain from the listing — the plugin relies on Claude Code's underlying foundation model (e.g., Claude 3.5 Sonnet). Threats include prompt injection that bypasses the scan or tricks the model into ignoring Aikido's findings.
Layer 2, Data Operations: The plugin reads local source-code files to perform scans. Threats include exfiltration of sensitive source code and exposure of hardcoded secrets while the code is in transit to Aikido's APIs.
Layer 3, Agent Frameworks: Integrates with Claude Code via the Model Context Protocol (MCP). Threats include insecure tool integration, where Claude Code is manipulated via prompt injection into sending arbitrary files or sensitive system data to the Aikido API tool.
Layer 4, Deployment and Infrastructure: Not certain from the listing — the MCP server runs locally alongside Claude Code and talks to Aikido's cloud backend. Threats include insecure local storage of the Aikido API token and interception of local MCP loopback traffic.
Layer 5, Evaluation and Observability: Not certain from the listing — the plugin evaluates code for vulnerabilities, but the public description gives no detail on how its own operations, API calls, and scan failures are logged or monitored for anomalies.
Layer 6, Security and Compliance: Relies on an Aikido API token for authentication. Compliance risk arises from sending proprietary source code to a third-party SaaS (Aikido) for scanning, which may violate strict data-residency or privacy policies.
Layer 7, Agent Ecosystem: Operates as an MCP tool within the Claude Code ecosystem. A compromise of Claude Code or of another active MCP tool could let an attacker abuse the Aikido tool, leaking code or exhausting API quotas.
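The Data Operations, Agent Frameworks and Deployment threats above share two practical mitigations that a tool author can enforce before anything leaves the host: confine the files a scan may read to the workspace (resolving symlinks and `..`, so an injected "scan ~/.ssh/id_rsa" is refused rather than uploaded), and refuse an API token that sits in a file other local users can read. The guard below is an added illustration written for this page, not Aikido's code and not the plugin's real behaviour; the environment-variable name `AIKIDO_API_TOKEN`, the deny lists and the `demo()` workspace are all assumptions constructed for the example.

```python
"""Pre-flight guard for a hypothetical MCP 'scan these files' tool.

Added example, not Aikido's code. It models mitigations for three of the
threats above: an injected prompt steering the tool to upload files outside
the project (or secret-bearing files inside it), and an API token left in a
file that other local users can read. All names (AIKIDO_API_TOKEN, the deny
lists) are assumptions for the illustration.
"""
import os
import stat
import tempfile
from pathlib import Path

# Assumed policy: files a source-code scan should never upload.
DENY_NAMES = {".env", "id_rsa", "id_ed25519", ".npmrc", ".netrc"}
DENY_SUFFIXES = {".pem", ".key", ".p12"}


def confine_paths(workspace, requested):
    """Split `requested` into (allowed, rejected) relative to `workspace`.

    Each candidate is resolved (symlinks followed, '..' collapsed, absolute
    paths honoured) and must lie under the resolved workspace root. The
    containment test uses Path.relative_to rather than a string-prefix check,
    so a sibling directory such as 'proj-backup' does not pass for 'proj'.
    Rejections carry a reason so the caller can show them to the user instead
    of silently dropping them.
    """
    root = Path(workspace).resolve()
    allowed, rejected = [], []
    for p in requested:
        candidate = (root / p).resolve()  # an absolute `p` replaces `root`
        try:
            candidate.relative_to(root)
        except ValueError:
            rejected.append((str(p), "outside workspace"))
            continue
        if candidate.name in DENY_NAMES or candidate.suffix in DENY_SUFFIXES:
            rejected.append((str(p), "denied by name"))
            continue
        if candidate not in allowed:
            allowed.append(candidate)
    return allowed, rejected


def token_file_is_private(path):
    """True only for a regular file with no group/other permission bits.

    lstat is used deliberately: a symlink pointing at a world-readable file
    must not pass just because the link itself looks private.
    """
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0


def load_token(env_var="AIKIDO_API_TOKEN", token_file=None):
    """Prefer the environment; accept a file only if it is private."""
    tok = os.environ.get(env_var)
    if tok:
        return tok.strip()
    if token_file and token_file_is_private(token_file):
        return Path(token_file).read_text().strip()
    raise PermissionError("no token in environment; token file missing or not private")


def demo():
    """Exercise both checks on a constructed throwaway workspace (POSIX)."""
    base = Path(tempfile.mkdtemp())
    ws = base / "proj"
    (ws / "src").mkdir(parents=True)
    (ws / "src" / "app.py").write_text("print('hello')\n")
    (ws / ".env").write_text("DB_PASSWORD=example\n")
    (ws / "escape").symlink_to(base)        # symlink that climbs out of the workspace
    token = base / "token"
    token.write_text("example-token\n")

    os.chmod(token, 0o644)                   # group/world readable: must be refused
    try:
        load_token(env_var="EXAMPLE_TOKEN_VAR_THAT_IS_UNSET", token_file=token)
        first_load = "accepted"
    except PermissionError:
        first_load = "refused"
    os.chmod(token, 0o600)
    second_load = load_token(env_var="EXAMPLE_TOKEN_VAR_THAT_IS_UNSET", token_file=token)

    allowed, rejected = confine_paths(ws, [
        "src/app.py",
        "../proj/src/app.py",   # traversal that lands back inside: fine, deduplicated
        ".env",
        "../../etc/passwd",
        "/etc/shadow",
        "escape/token",         # reaches the token through the symlink
    ])
    root = ws.resolve()
    return {
        "allowed": [str(p.relative_to(root)) for p in allowed],
        "rejected": rejected,
        "token_load_when_world_readable": first_load,
        "token_load_when_private": second_load,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the module prints the split: only `src/app.py` is accepted, the symlink escape and the absolute and traversal paths are rejected as outside the workspace, `.env` is rejected by name, and the token is refused until its mode is tightened to 0600. Keeping rejections visible matters for the Observability gap noted above: a tool that silently drops requests gives the operator nothing to alert on when an injected prompt starts probing outside the project.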
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).