block-no-verify-hook — agentic threat model

AIVSS 5.8 · Medium

This agent skill acts as a security guardrail to prevent other agents from bypassing pre-commit hooks, but because it operates within the local development environment and modifies tool-use interception, a compromise of its logic could allow silent execution of malicious shell commands.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 6.3 · AARS uplift 0.89 · Factor sum 2.4/10 · Threat ×1.0 · Mitigation ×0.8

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.40
Dynamic Tool Use: 0.50
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.20
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The skill relies on Claude Code's underlying foundation model to interpret and execute the PreToolUse hook logic, making it susceptible to prompt injection or adversarial bypasses if the matching logic is model-driven rather than purely regex-based.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The agent skill does not appear to manage a vector database or external RAG pipeline, focusing instead on intercepting shell command strings before execution.

L3 · Agent Frameworks ✓ mapped

Directly configures Claude Code's PreToolUse framework hook. A vulnerability or logic flaw in this hook's implementation could allow an agent to bypass the interception entirely or cause denial of service by blocking legitimate developer commands.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The skill runs locally within the user's development environment where Claude Code is installed. If compromised, it operates with the privileges of the local user executing the shell commands.

L5 · Evaluation & Observability ✓ mapped

The skill acts as an inline guardrail and policy enforcement point. However, if it lacks tamper-proof logging, a malicious agent could bypass the hook and erase any trace of the '--no-verify' flag usage from local logs.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Directly addresses compliance and policy enforcement by preventing agents from skipping GPG signing and pre-commit security gates, ensuring repository integrity rules are technically enforced.

L7 · Agent Ecosystem ✓ mapped

Designed to control and restrict the actions of other developer agents (like Claude Code) operating in the same workspace, mitigating the risk of a compromised agent committing unsigned or unverified code to a shared repository.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).