
ChatRecap AI — agentic threat model

AIVSS 6.7 · Medium

ChatRecap AI presents a low agentic risk due to its passive, analytical nature, but carries high data privacy risks as it processes highly sensitive personal chat histories. The primary threat vector is the potential exposure of decrypted conversation data during analysis despite claims of end-to-end encryption.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.37
Factor sum: 1.4/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.85

Agentic risk factors (each weighted 0.00–1.00; sum = 1.4):

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely utilizes commercial LLMs prompted for sentiment and relationship analysis. The primary threat is prompt injection embedded within uploaded chat logs, which could manipulate the analysis output or cause the model to leak system instructions.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — claims 'no data stored' and 'end-to-end encrypted processing'. However, the ingestion pipeline must decrypt chat exports (e.g., WhatsApp/Telegram TXT/JSON files) to analyze them, posing risks of temporary data exposure in memory, application logs, or transient caches.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — likely uses a basic orchestration framework to parse chat files and structure prompts. Vulnerabilities include insecure file parsing of uploaded chat logs, which could lead to denial of service or local file inclusion if the parser is poorly configured.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted as a web application (chatrecap-ai.net). Standard web infrastructure threats apply, such as insecure transport protocols, lack of rate limiting on file uploads, and potential container escape if the chat parsing environment is not properly sandboxed.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no mention of observability, guardrails, or evaluation metrics. There is a risk of silent failures, biased relationship analysis, or hallucinated 'red flags' without adequate output validation or user feedback loops.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — claims 'Private & Secure' but lacks visible compliance certifications (e.g., GDPR, SOC 2). Handling highly intimate personal communication data requires rigorous privacy controls that are unverified in this closed-source, freemium model.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — operates as a standalone analytical tool with no apparent multi-agent coordination, marketplace integrations, or external ecosystem dependencies.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).