cc-statusline (chongdashu) — agentic threat model
cc-statusline is a low-autonomy UI plugin for Claude Code with minimal inherent agentic risk, but it poses local supply-chain and metadata exposure risks due to its execution within the user's local terminal and access to session JSON.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.00 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.20 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.10 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models (not certain from the listing): The plugin does not appear to interact with or customize foundation models directly; it displays model metadata (info, cost) extracted from the Claude Code session JSON.
Layer 2, Data Operations: The plugin reads local directory paths, git branch names, and session JSON. Threats include unauthorized exposure of sensitive directory names or git branch metadata if the statusline output is leaked or logged insecurely.
Layer 3, Agent Frameworks: Integrates via the Claude Code 'statusLine' hook. Vulnerabilities in the hook integration or in the parsing of the piped session JSON could lead to injection attacks if the session JSON contains untrusted, unescaped data.
Layer 4, Deployment and Infrastructure (not certain from the listing): Runs locally within the user's terminal/development environment as part of Claude Code. If compromised via a supply chain attack, it inherits the user's local shell privileges.
Layer 5, Evaluation and Observability: Acts as an observability tool itself (tracking session cost, time, and model info). However, it lacks self-monitoring or integrity checks, meaning malicious modifications to its rendering logic would go unnoticed.
Layer 6, Security and Compliance (not certain from the listing): No built-in authentication, authorization, or audit logging is mentioned. Compliance relies entirely on the host Claude Code environment and the user's local system security.
Layer 7, Agent Ecosystem: Operates as a plugin within the Claude Code ecosystem. A compromised plugin could act as a malicious observer, exfiltrating session metadata or git details to unauthorized external entities.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).