Arnis — agentic threat model

AIVSS 6.3 · Medium

Arnis is a low-risk, procedural map-generation utility with minimal agentic capabilities, posing virtually no autonomous threat. The primary security risks are limited to traditional web vulnerabilities, such as client-side malicious file generation or server-side denial of service via large OpenStreetMap queries.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.1 · AARS uplift 0.21 · Factor sum 0.6/10 · Threat ×0.9 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Arnis appears to be a procedural/algorithmic converter rather than an LLM-based agent, meaning foundation model threats like adversarial reprogramming or prompt injection are likely inapplicable.

L2 · Data Operations ✓ mapped

Ingests external OpenStreetMap (OSM) data. Threats include data poisoning where malicious or malformed OSM data is used to cause parser errors, application crashes, or generate offensive/unexpected map geometry.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — The tool likely uses standard procedural code rather than an AI agent orchestration framework. Risks of tool misuse or autonomous planning vulnerabilities are absent.

L4 · Deployment & Infrastructure ✓ mapped

Hosted as a browser-based tool. Key threats include server-side resource exhaustion (DoS) if users request extremely large map areas for conversion, and potential vulnerabilities in the ZIP/.mcworld generation libraries.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of logging, input validation limits, or observability tools to monitor abuse or anomalous generation requests.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Operates with a 'no signup required' model, meaning there are no identity, authentication, or authorization controls. While this minimizes PII collection, it prevents per-user rate limiting or user-based access policies.

L7 · Agent Ecosystem ✓ mapped

The tool operates as a standalone utility with no multi-agent coordination, marketplace integrations, or external agent-to-agent trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).