
Claude Code Plugins Plus Skills — agentic threat model

AIVSS 9.5 · Critical

This agent represents a high-risk package manager and marketplace distribution toolchain for Claude Code, capable of installing and executing hundreds of third-party plugins and skills directly on a developer's system.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.8
AARS uplift: 0.69
Factor sum: 5.2/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.40
Dynamic Tool Use: 0.90
Persistent Memory: 0.30
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.70
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
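To check the numbers above, here is an added worked example (not code from the listing or from the AIVSS calculator) that re-derives the score from the ten factor values and the stated inputs, using the formula exactly as the page gives it; the severity bands are an assumption based on the CVSS v3 qualitative scale.

```python
# Added worked example, not code from the listing or the AIVSS calculator:
# re-derives the page's score from its stated inputs using the formula as
# the page gives it. Severity bands are assumed to follow CVSS v3 cut-offs.

# The ten agentic risk factors (each 0.0-1.0) as listed on the page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.70,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}

def factor_sum(factors):
    """Sum the ten factor scores after checking each lies in [0, 1]."""
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside 0.0-1.0")
    return round(sum(factors.values()), 2)

def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (AARS, AIVSS) rounded as the listing shows them (2 dp, 1 dp)."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in 0.0-10.0")
    # AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    aars = (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier
    # AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, never above the 10.0 ceiling
    score = min((cvss_base + aars) * mitigation_factor, 10.0)
    return round(aars, 2), round(score, 1)

def severity(score):
    """Qualitative band for a score (assumed CVSS v3 cut-offs)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"

if __name__ == "__main__":
    aars, score = aivss(8.8, AGENTIC_FACTORS, threat_multiplier=1.1)
    print(f"factor sum {factor_sum(AGENTIC_FACTORS)}/10  AARS {aars}  "
          f"AIVSS {score} · {severity(score)}")
```

Changing the mitigation factor shows how much a sandboxed or allow-listed deployment would have to demonstrate before the score leaves the Critical band.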

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not give enough detail to assess that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The agent acts as a package manager and plugin marketplace for Claude Code, but the specific underlying foundation models (presumably Claude models) and their alignment or fine-tuning parameters are not detailed in the directory listing.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The listing does not specify how training data, RAG pipelines, or vector databases are managed, though the distribution of 1367 skills suggests a large volume of functional code and prompt data is processed.

L3 · Agent Frameworks · ✓ mapped

The CCPI package manager and orchestration patterns directly govern how Claude Code loads, plans, and executes 416 plugins and 1367 skills. This introduces severe risks of tool misuse, insecure tool integration, and arbitrary code execution via malicious or compromised plugins.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The deployment environment is highly dependent on the user's local Claude Code setup. There is no mention of sandboxing, containerization, or secure credential storage for the installed plugins and commands.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — The listing mentions interactive tutorials and orchestration patterns but does not detail any built-in evaluation, logging, guardrails, or anomaly detection for executed plugins.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — There is no evidence of built-in authentication, authorization policies, or compliance auditing for the CCPI package manager or the plugins it distributes.

L7 · Agent Ecosystem · ✓ mapped

This is a highly active agent ecosystem hub, distributing 416 plugins, 1367 skills, and orchestration patterns. It presents a massive attack surface for supply chain attacks, rogue plugins, and cascading failures across multi-agent workflows.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).