ccstatusline — agentic threat model

AIVSS 8.0 · High

ccstatusline is a local CLI statusline utility with low inherent agentic autonomy, but it presents a significant supply chain risk (via npm/npx execution) and potential exposure of sensitive Claude Code session data if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.8 · AARS uplift 0.15 · Factor sum 0.7/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — ccstatusline is a local CLI rendering tool and does not directly host or execute foundation models, though it visualizes status for Claude Code.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — the tool reads session JSON piped from Claude Code, but does not manage vector databases, RAG pipelines, or training data operations.

L3 · Agent Frameworks · ✓ mapped

Integrates directly with Claude Code's statusLine hook. If the session JSON parsed by the tool is manipulated or contains malicious payloads, it could exploit parsing vulnerabilities within the statusline script.

L4 · Deployment & Infrastructure · ✓ mapped

Runs locally on the developer's machine via 'npx ccstatusline@latest'. This introduces a critical supply chain risk where a compromise of the npm package could lead to arbitrary code execution on the host system.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there are no mentioned evaluation, guardrail, or observability logging mechanisms built into this statusline renderer.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Lacks explicit security controls, authentication, or sandboxing; it runs with the permissions of the local user executing the Claude Code CLI.

L7 · Agent Ecosystem · ✓ mapped

Acts as an ecosystem plugin for Claude Code. A compromised statusline plugin could exfiltrate sensitive session data, commands, or code snippets piped from the main Claude Code agent.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).