AgentReadyHomeAgent Listing

← Awesome Claude Code Plugins

Awesome Claude Code Plugins — agentic threat model

9.5AIVSS 9.5 · Critical

The Awesome Claude Code Plugins marketplace presents a high supply-chain risk by aggregating 118 community-contributed plugins, subagents, and MCP servers without explicit security vetting, potentially allowing malicious code execution within a user's local Claude Code environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.8AARS uplift 0.66Factor sum 5.0/10Threat ×1.1Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.50
Self-Modification
0.20
Dynamic Tool Use
0.80
Persistent Memory
0.20
Contextual Awareness
0.70
Dynamic Identity
0.10
Multi-Agent Interactions
0.60
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The marketplace itself does not define the foundation model, but the plugins are designed to run on Claude, inheriting model-level vulnerabilities like prompt injection and adversarial reprogramming.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The directory does not specify data storage or vector databases, though installed plugins/MCP servers will interact with local workspace data, risking unauthorized data access or exfiltration.

L3 · Agent Frameworks✓ mapped

The marketplace distributes orchestration components including subagents, MCP servers, and hooks, which directly expand Claude Code's tool-calling and event-handling capabilities, introducing significant risks of insecure tool integration.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The deployment environment is Claude Code (typically a local developer CLI), meaning plugins run with local user privileges, creating a high risk of local host compromise if a malicious plugin is executed.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, logging, or observability tools to monitor plugin behavior or detect anomalous execution at runtime.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The directory does not outline any access control, code signing, or compliance frameworks to govern which plugins can be installed or what permissions they receive.

L7 · Agent Ecosystem✓ mapped

As an aggregator of 118 community-contributed plugins and subagents, this ecosystem is highly vulnerable to supply chain attacks, rogue/compromised plugins, and cascading failures during multi-agent coordination.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).