Coinrule — agentic threat model

AIVSS 8.6 · High

Coinrule exhibits high financial risk due to its automated execution of cryptocurrency trades across multiple external exchanges, though its operational risk is mitigated by its deterministic, rule-based (IFTTT) architecture rather than autonomous LLM planning.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.52 · Factor sum 3.3/10 · Threat ×1.05 · Mitigation ×0.95

Autonomy of Action: 0.80
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.00
Non-Determinism: 0.10
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Coinrule is described as using deterministic 'If-This-Then-That' logic and indicators rather than LLMs; foundation model threats like prompt injection or model poisoning are likely not applicable unless LLMs are used for rule generation.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The platform processes real-time market data feeds and user portfolio balances, but there is no indication of vector databases or RAG operations. The primary data threat is the poisoning or manipulation of market data feeds used to trigger rules.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — The orchestration relies on a deterministic rule engine rather than an LLM agent framework. The primary threat at this layer is logic flaws in rule execution or unauthorized modification of user-defined trading rules.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — As a web-based platform executing trades, secure hosting and robust secrets management for user exchange API keys are critical. A compromise here could lead to mass theft of API credentials and unauthorized trading.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — While the platform must monitor rule execution and trade outcomes, the listing does not detail specific security observability, anomaly detection for erratic trading behavior, or guardrails against market manipulation.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Secure API key management (e.g., restricting permissions to trade but preventing withdrawals) and user authentication (2FA) are vital, but specific compliance certifications or security frameworks are not detailed.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — There is no mention of a multi-agent ecosystem or collaborative agent interactions, though the platform interacts directly with external exchange ecosystems (Binance, Coinbase Pro, Kraken).

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).