darknet-mcp-server (badchars) — agentic threat model

AIVSS 9.1 · Critical

The darknet-mcp-server presents a high-risk agentic profile due to its extensive toolset (66 tools) accessing untrusted dark-web content, Tor networks, and exploit databases, creating a massive attack surface for indirect prompt injection and unauthorized data egress.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 8.4 · AARS uplift 0.74 · Factor sum 4.2/10 · Threat ×1.1 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.90
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.60
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified, but any LLM integrating this MCP server is highly vulnerable to indirect prompt injection and adversarial reprogramming due to processing untrusted, malicious dark-web and breach data.

L2 · Data Operations · ✓ mapped

Exposes 16 data sources containing highly sensitive and potentially toxic data (breaches, ransomware, stealer logs). Ingesting this untrusted data introduces severe risks of data poisoning and downstream context contamination.

L3 · Agent Frameworks · ✓ mapped

Provides 66 tools for threat intelligence and Tor access. The primary threat is tool misuse and indirect prompt injection, where malicious payloads embedded in dark-web search results hijack the orchestrating agent's execution flow.

L4 · Deployment & Infrastructure · ✓ mapped

Enables Tor .onion access and exploit searching. This introduces significant network-level risks, including unauthorized data egress over Tor and potential execution of retrieved exploits if the environment is not strictly sandboxed.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of logging, output sanitization, or guardrails to filter out malicious payloads, exploits, or illegal content retrieved from the dark web before it reaches the agent.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Many tools require no API keys, indicating a lack of centralized authentication or access control. This open access model increases the risk of unauthorized or unmonitored usage of sensitive threat-intel capabilities.

L7 · Agent Ecosystem · ✓ mapped

As an MCP server, this toolset is designed to be consumed by other agents. A compromise or injection via this server can easily propagate horizontally to other agents within the ecosystem that trust its outputs.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).