
Armor Crypto MCP — agentic threat model

AIVSS 9.4 · Critical

Armor Crypto MCP presents an exceptionally high-risk profile due to its direct integration with multi-chain wallets and transaction execution capabilities. A compromise of the agent or its host environment could lead to immediate, irreversible financial loss through unauthorized asset transfers, swaps, or bridging.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 9.8
AARS uplift: 0.11
Factor sum: 5.2 / 10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×0.95

Agentic risk factors (each scored 0 to 1; they sum to 5.2):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Check: AARS = (10 − 9.8) × (5.2 / 10) × 1.1 ≈ 0.11, and AIVSS = (9.8 + 0.11) × 0.95 ≈ 9.4, which falls in the Critical band.

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
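The scoring above carried through in code, as an added example written for this page; it is neither part of the listing nor the OWASP reference calculator. The function and constant names (aivss, page_score, AGENTIC_FACTORS, SEVERITY_BANDS) are chosen here, the severity bands are assumed to mirror the CVSS v3.x qualitative scale, and clipping the result at 10 is an assumption the page's formula does not state. The block also validates the inputs, which the page's arithmetic does not, and the second call in page_variants() shows a hypothetical stronger mitigation factor to illustrate how much of the score that term controls.

```python
"""AIVSS calculator for the formula quoted on this page (added example, not the OWASP tool)."""

# The ten agentic risk factors of the OWASP AIVSS model, each scored 0.0 to 1.0.
AGENTIC_FACTORS = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# Qualitative bands: assumed here to mirror the CVSS v3.x severity scale.
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None"))


def severity(score: float) -> str:
    """Map a 0-10 score to its qualitative band."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    raise ValueError(f"score out of range: {score}")


def aivss(cvss_base: float, factors: dict, threat_multiplier: float, mitigation_factor: float) -> dict:
    """Compute AARS and AIVSS exactly as the page states them:

    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    missing = set(AGENTIC_FACTORS) - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    for name in AGENTIC_FACTORS:
        if not 0.0 <= factors[name] <= 1.0:
            raise ValueError(f"{name} must be in [0, 1]")
    factor_sum = sum(factors[name] for name in AGENTIC_FACTORS)
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    # Assumption: clip to the 0-10 scale; the page's formula carries no explicit cap.
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    return {
        "factor_sum": round(factor_sum, 2),
        "aars": round(aars, 2),
        "score": round(score, 1),
        "severity": severity(round(score, 1)),
    }


# The factor values shown on this page for Armor Crypto MCP.
ARMOR_CRYPTO_MCP_FACTORS = {
    "Autonomy of Action": 0.70, "Goal-Driven Planning": 0.60, "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.90, "Persistent Memory": 0.40, "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.80, "Multi-Agent Interactions": 0.30, "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def page_score() -> dict:
    """The inputs as listed on the page: CVSS 9.8, ThM 1.1, mitigation 0.95."""
    return aivss(9.8, ARMOR_CRYPTO_MCP_FACTORS, threat_multiplier=1.1, mitigation_factor=0.95)


def page_variants() -> dict:
    """Same factors, with a hypothetical mitigation factor of 0.70 for comparison (not a claim about the agent)."""
    return {
        "as_listed": page_score(),
        "hypothetical_strong_mitigation": aivss(9.8, ARMOR_CRYPTO_MCP_FACTORS, 1.1, 0.70),
    }


if __name__ == "__main__":
    for label, result in page_variants().items():
        print(label, result)
```

With the page's inputs this returns a factor sum of 5.2, an AARS of 0.11 and a score of 9.4 (Critical); because the CVSS base is already 9.8, the agentic uplift is bounded by the 0.2 of headroom left, so the mitigation factor is the term that moves the final score most.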

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" are general, caveated commentary for layers the public description does not pin down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing. The server relies on the host application's underlying LLM (e.g., Claude via Claude Desktop) rather than shipping a model of its own. Threats include prompt injection, via any content the model reads (token descriptions, on-chain messages, web pages, chat), that steers it into generating unauthorized transactions or signature requests.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — does not explicitly mention RAG or vector databases, but handles blockchain state data. Threats include poisoning of price feeds or transaction history data.

L3 · Agent Frameworks (✓ mapped)

Implements the Model Context Protocol (MCP) to expose tools for wallet management, swaps, and staking. Vulnerabilities include tool misuse, where malicious prompts trick the agent into executing unauthorized transfers or interacting with malicious smart contracts.

L4 · Deployment & Infrastructure (✓ mapped)

Deployed as an MCP server, typically running locally or in a container. Key custody is the primary infrastructure risk: if the host environment is compromised, private keys or API credentials used for transaction signing can be exfiltrated, or simply used in place to sign attacker-chosen transactions without ever leaving the machine.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing. No built-in logging, guardrails, or transaction simulation features are described. Without an audit trail of tool calls and a pre-flight simulation of each transaction, silent transaction manipulation or unauthorized fund movement could go unnoticed until the funds are gone.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Crucial layer for this agent as it handles financial transactions. The listing notes that 'key custody and action confirmation are paramount,' but does not detail built-in multi-sig, hardware wallet integration, or mandatory human-in-the-loop (HITL) confirmation.

L7 · Agent Ecosystem (✓ mapped)

As an MCP tool, it operates within a broader ecosystem where other agents or LLMs can invoke it. A compromised orchestrator agent could abuse this tool to drain wallets or execute unfavorable trades without user consent.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).