claude-statusline (hell0github) — agentic threat model

AIVSS 3.4 · Low

claude-statusline is a passive, low-risk monitoring plugin for the Claude Code CLI that reads local session transcripts to display usage metrics. Because it lacks autonomous execution, tool-calling, and external network capabilities, its agentic risk profile is minimal.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 3.3 · AARS uplift 0.12 · Factor sum 0.2/10 · Threat ×0.9 · Mitigation ×1.0

Autonomy of Action: 0.00
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.00
Persistent Memory: 0.00
Contextual Awareness: 0.10
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.00
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The plugin itself does not run or host foundation models; it merely monitors the context window and token usage of the underlying Claude Code CLI model.

L2 · Data Operations ✓ mapped

The plugin reads local session transcripts to calculate token usage and costs. If these transcripts contain sensitive data, a vulnerability in the plugin's file-reading script could lead to local data exposure, though no external exfiltration mechanism is described.

L3 · Agent Frameworks ✓ mapped

The plugin hooks into the Claude Code CLI statusLine mechanism. It does not orchestrate planning, memory, or tool execution, meaning typical framework threats like tool misuse or prompt injection hijacking are not directly applicable to this plugin.

L4 · Deployment & Infrastructure ✓ mapped

Runs locally as a lightweight script within the user's terminal/CLI environment. It inherits the security posture, permissions, and sandbox constraints of the host system running Claude Code.

L5 · Evaluation & Observability ✓ mapped

This plugin acts as an observability tool itself, tracking cost and context window usage. However, it does not provide security-focused guardrails or anomaly detection for the underlying agent's behavior.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in authentication, access controls, or compliance auditing within this lightweight open-source plugin.

L7 · Agent Ecosystem ✓ mapped

The plugin does not interact with other agents or marketplaces; it operates strictly as a local single-user CLI status bar extension.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).