
claude-usage-analyst — agentic threat model

AIVSS 6.0 · Medium

The claude-usage-analyst is a low-autonomy local utility agent whose primary risk stems from reading local host logs, making it vulnerable to local data exfiltration or prompt injection if log contents are maliciously manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base:               5.5
AARS uplift:             0.54
Factor sum:              1.2 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor:       ×1.0

Agentic risk factors:
  Autonomy of Action         0.20
  Goal-Driven Planning       0.10
  Self-Modification          0.00
  Dynamic Tool Use           0.20
  Persistent Memory          0.00
  Contextual Awareness       0.30
  Dynamic Identity           0.00
  Multi-Agent Interactions   0.00
  Non-Determinism            0.20
  Opacity & Reflexivity      0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on Claude models via Claude Desktop/Code. The primary threat is indirect prompt injection if malicious or crafted data is written to the local usage logs and subsequently parsed by the model.

L2 · Data Operations (✓ mapped)

Reads local usage logs (ccusage data) on the host. Threats include data exfiltration of sensitive usage patterns, metadata, or log poisoning where manipulated log files skew the analysis or inject malicious payloads.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — likely implemented as a Model Context Protocol (MCP) tool or local script. Threat includes insecure tool integration if the file-reading mechanism lacks strict path-traversal limitations.

L4 · Deployment & Infrastructure (✓ mapped)

Runs locally on the host machine to read local logs. Threat includes local privilege escalation or unauthorized local file access if the agent framework running the skill is compromised.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — being a free, open-source community skill, it likely lacks dedicated evaluation, guardrails, or anomaly detection to identify tampered log inputs.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — there are no mentioned authentication, authorization, or compliance controls. It relies entirely on the host operating system's file permissions to restrict access to the logs.

L7 · Agent Ecosystem (✓ mapped)

Operates as a 'Community Agent Skill' within the Claude Desktop/Code ecosystem. Threat includes horizontal trust abuse if other local agents or tools invoke this skill to gather intelligence on the user's model usage and costs.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).