AgentReadyHomeAgent Listing

← anthropic-docs

anthropic-docs — agentic threat model

8.1AIVSS 8.1 · High

This agent plugin poses a moderate risk primarily centered on supply-chain and RAG poisoning, as it dynamically fetches and caches external documentation to guide developer actions within Claude Code.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.55Factor sum 2.2/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.20
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.30
Non-Determinism
0.40
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified, but as a Claude Code plugin, it likely relies on Claude 3.5 Sonnet. The primary threat is indirect prompt injection if malicious instructions are embedded in the fetched documentation.

L2 · Data Operations✓ mapped

The plugin dynamically fetches and caches documentation from the Anthropic ecosystem. This introduces a high risk of RAG/knowledge-base poisoning if the upstream documentation sources or the transit path are compromised.

L3 · Agent Frameworks✓ mapped

Integrates as a multi-skill reference tool within Claude Code. Vulnerabilities could arise from insecure tool integration, such as SSRF or path traversal during the fetching and caching of doc content.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The deployment environment is local to the developer's machine running Claude Code. If the caching mechanism does not restrict file paths, it could lead to local directory traversal or unauthorized file writes.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrails to verify the integrity of the fetched documentation before it is presented to the LLM.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The plugin is open source and free, with no explicit security compliance, signature verification, or access control mechanisms detailed for the update process.

L7 · Agent Ecosystem✓ mapped

Designed to support the Model Context Protocol (MCP) and Claude Code ecosystem. A compromise in this plugin could propagate trust issues horizontally to other MCP-compliant agents relying on its cached data.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).