Claude Hud — agentic threat model
Claude Hud is a passive observability plugin with low inherent agentic risk, but its deep integration into Claude Code means a compromise could be used to spoof system state or mask malicious subagent activity.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.20 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.10 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Entries tagged “not certain from the listing” are general, caveated commentary for layers that the public description did not pin down.
Layer 1, Foundation Models: Not certain from the listing — Claude Hud is a monitoring plugin for Claude Code; it does not appear to host or directly run its own foundation model, though it visualizes the context usage of the underlying Claude model.
Layer 2, Data Operations: Not certain from the listing — The plugin displays context window usage but does not seem to manage its own vector stores, training data, or persistent knowledge bases.
Layer 3, Agent Frameworks: Claude Hud integrates directly with Claude Code's framework to track active tools, subagents, and todo progress. Vulnerabilities in this integration could allow an attacker to spoof HUD outputs or exploit the slash command interface to manipulate the display.
Layer 4, Deployment and Infrastructure: Not certain from the listing — As an open-source plugin, its deployment environment depends entirely on the host system running Claude Code, with no built-in sandboxing or infrastructure controls mentioned.
Layer 5, Evaluation and Observability: This plugin is specifically an observability tool. While it helps mitigate blind spots in Claude Code, a compromise of the HUD itself could lead to deceptive observability, such as hiding malicious subagent activity or spoofing tool execution states.
Layer 6, Security and Compliance: Not certain from the listing — There are no mentioned access controls, authentication mechanisms, or compliance audits for this open-source plugin.
Layer 7, Agent Ecosystem: The HUD monitors running subagents. If a subagent is compromised, it could attempt to exploit the HUD's display capabilities or slash commands to mislead the human operator about its actual progress and active tools.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).