
Cliprun — agentic threat model

AIVSS 9.4 · Critical

Cliprun presents a high-risk profile due to its core feature of instantly executing arbitrary Python code sourced from external, untrusted environments (like LLM chats and GitHub) directly within the user's browser context. The lack of explicit sandboxing or execution guardrails combined with automated scheduling capabilities creates a potent vector for remote code execution and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.8 · AARS uplift: 0.62 · Factor sum: 4.7/10 · Threat multiplier (ThM): ×1.1 · Mitigation factor: ×1.0
Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.30
Self-Modification: 0.20
Dynamic Tool Use: 0.90
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
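The following is an added worked example, not code from this listing or from the OWASP AIVSS calculator: it recomputes the score above from the formula and the ten factor values as the page lists them, and then shows how the same inputs move when the mitigation factor changes. The qualitative bands used by the severity helper are an assumption (the CVSS v3.1 ranges: 9.0 and above is Critical); everything else is taken from the listing.

```python
# Added illustrative example for this page; not the AIVSS calculator's own code.
# Inputs below are the values shown in the listing for Cliprun.

CVSS_BASE = 8.8          # CVSS base score from the listing
THREAT_MULTIPLIER = 1.1  # ThM from the listing
MITIGATION_FACTOR = 1.0  # no documented mitigations, so no reduction

# Ten OWASP AIVSS agentic risk factors, each in [0.0, 1.0], as listed.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Factor_Sum: plain sum of the ten factor scores (max 10.0)."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())


def aars(cvss_base, factors, thm):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The agentic uplift can only consume the headroom left above the CVSS
    base, so a base of 8.8 leaves at most 1.2 points to add."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, capped at 10."""
    score = (cvss_base + aars(cvss_base, factors, thm)) * mitigation
    return min(score, 10.0)


def severity(score):
    """Qualitative band; assumes the CVSS v3.1 rating scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def mitigation_sweep(cvss_base, factors, thm, mitigation_values):
    """Score the same agent under several mitigation factors, so a reviewer
    can see how much documented controls would have to lower the factor
    before the rating leaves the Critical band."""
    return {m: round(aivss(cvss_base, factors, thm, m), 2) for m in mitigation_values}


if __name__ == "__main__":
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    score = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"Factor sum : {factor_sum(AGENTIC_FACTORS):.1f}/10")
    print(f"AARS uplift: {uplift:.2f}")
    print(f"AIVSS      : {score:.1f} ({severity(score)})")
    # Hypothetical mitigation factors, not values from the listing.
    for m, s in mitigation_sweep(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, [1.0, 0.9, 0.8]).items():
        print(f"mitigation x{m}: {s} ({severity(s)})")
```

Running it reproduces the listing's figures (factor sum 4.7, AARS 0.62, AIVSS 9.4 Critical). The sweep makes the structural point visible: because the base score already sits at 8.8, the agentic uplift is bounded to 1.2 points, and the score is far more sensitive to the mitigation factor than to any single agentic factor.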

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Cliprun executes code sourced from LLMs like ChatGPT or Claude, but the listing does not specify if it hosts or directly integrates with its own foundation models.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The agent processes scraped web data and local files via Python libraries, but there is no explicit mention of dedicated vector databases, RAG pipelines, or data lineage controls.

L3 · Agent Frameworks · ✓ mapped

High risk of tool misuse and insecure tool integration. The framework allows execution of arbitrary Python code sourced directly from external web pages or LLMs, creating a direct vector for prompt injection to execute malicious code.

L4 · Deployment & Infrastructure · ✓ mapped

Critical infrastructure risk. Executing arbitrary Python code within the browser or a cloud sandbox poses severe risks of sandbox escape, local resource compromise, or unauthorized network access via HTTP client libraries such as requests.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, execution logging, or anomaly detection to monitor and block malicious or runaway Python scripts.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — The tool lacks documented security controls, compliance certifications, or enterprise-grade access policies for managing script execution permissions.

L7 · Agent Ecosystem · ✓ mapped

Exposed to ecosystem threats. By design, it consumes and executes code directly from external platforms (GitHub, ChatGPT), making it highly vulnerable to upstream supply chain attacks or malicious code injection from compromised repositories.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).