cve-search_mcp (roadwy) — agentic threat model

AIVSS 4.5 · Medium

The cve-search_mcp agent is a low-risk, read-only utility designed to query vulnerability databases. Its primary security exposure is the potential for indirect prompt injection or data poisoning via untrusted CVE/CPE content returned from external APIs.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 4.3
AARS uplift: 0.68
Factor sum: 1.2/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.20
Non-Determinism: 0.10
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
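As an added worked example (not part of the listing or of the cve-search_mcp project), the Python below recomputes this listing's score from the formula and the ten factor values quoted above, so the displayed AARS and AIVSS figures can be checked, and a second call shows what the score would be without the mitigation credit:

```python
# Added example: recompute the OWASP AIVSS score of this listing from the
# inputs it publishes. The formula is the one quoted on the page:
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# Severity banding (e.g. "Medium") is not part of the quoted formula, so it
# is deliberately not implemented here.

# The ten agentic risk factors exactly as the listing scores them.
FACTORS = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.10,
    "Opacity & Reflexivity": 0.20,
}


def factor_sum(factors):
    """Sum of the factor scores; each factor must lie within 0.0..1.0."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} is outside 0..1")
    return sum(factors.values())


def aars(cvss_base, factor_total, threat_multiplier=1.0):
    """Agentic uplift: scales the headroom left above the CVSS base score."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be within 0..10")
    return (10.0 - cvss_base) * (factor_total / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (AIVSS, AARS), rounded the way the listing displays them."""
    uplift = aars(cvss_base, factor_sum(factors), threat_multiplier)
    score = (cvss_base + uplift) * mitigation_factor
    return round(score, 1), round(uplift, 2)


if __name__ == "__main__":
    # Listing inputs: CVSS base 4.3, ThM x1.0, mitigation x0.9.
    score, uplift = aivss(4.3, FACTORS, 1.0, 0.9)
    print(f"factor sum {factor_sum(FACTORS):.1f}/10, AARS {uplift}, AIVSS {score}")
    # Same agent with no mitigation credit applied (mitigation x1.0).
    print("without mitigation credit:", aivss(4.3, FACTORS, 1.0, 1.0)[0])
```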

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The agent relies on an external, unspecified LLM via the MCP client. The primary threat is indirect prompt injection if the model processes malicious payloads embedded within CVE descriptions or CPE data returned by the API.

L2 · Data Operations · ✓ mapped

The agent performs read-only queries against external CVE-Search APIs. The main risk is data poisoning or manipulation of the upstream vulnerability database, leading to inaccurate security assessments or injection of malicious text into the agent's context.

L3 · Agent Frameworks · ✓ mapped

The agent exposes specific, well-defined tools for querying CVEs and CPEs. Risk is low because the tools are read-only, but insecure integration in the host MCP client could introduce vulnerabilities in how tool output is handled.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The deployment environment of the MCP server is not specified. Standard risks include insecure network connections to the CVE-Search API and lack of sandboxing for the local MCP process.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, input validation, or output sanitization guardrails to detect or prevent malicious payloads within the retrieved vulnerability data.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The agent is open-source and free, with no explicit authentication, authorization, or compliance frameworks mentioned. It relies entirely on the host MCP client to enforce security policies.

L7 · Agent Ecosystem · ✓ mapped

As an MCP tool, this agent is designed to be called by other orchestrator agents. A compromised orchestrator could abuse this tool for reconnaissance, or this tool could pass poisoned data upstream to other agents in a multi-agent workflow.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).