AgentReadyHomeAgent Listing

← Datadog (community)

Datadog (community) — agentic threat model

7.5AIVSS 7.5 · High

This community Datadog MCP server exposes sensitive observability, APM, and incident data to an LLM, presenting high data exposure risks if API keys are over-privileged, though it operates primarily as a read-heavy monitoring tool.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.81Factor sum 3.1/10Threat ×1.05Mitigation ×0.9
Autonomy of Action
0.30
Goal-Driven Planning
0.40
Self-Modification
0.00
Dynamic Tool Use
0.60
Persistent Memory
0.10
Contextual Awareness
0.70
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.40
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying LLM is determined by the host application running this MCP server. Threats include prompt injection hijacking the model to execute unauthorized Datadog API queries.

L2 · Data Operations✓ mapped

Acts as a gateway to Datadog's telemetry, APM traces, and incident data. Risks include data exfiltration of sensitive system logs, trace payloads containing PII, and infrastructure metadata through malicious queries.

L3 · Agent Frameworks✓ mapped

Integrates via the Model Context Protocol (MCP) to expose Datadog API endpoints as tools. Vulnerabilities include insecure tool integration and lack of input validation on query parameters passed to Datadog.

L4 · Deployment & Infrastructure✓ mapped

Requires local or containerized hosting of the MCP server. Secrets management is critical, as Datadog API and application keys must be securely injected and isolated from unauthorized local processes.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — The server itself does not specify built-in logging or guardrails for the queries it executes, relying on the host MCP client or Datadog's native audit logs.

L6 · Security & Compliance (cross-cutting)✓ mapped

Relies heavily on external Datadog API/app key scoping to limit exposure. If keys are over-privileged, the agent could modify monitors or dashboards; strict credential scoping is the primary compliance control.

L7 · Agent Ecosystem✓ mapped

Operates within an MCP ecosystem where other connected agents could potentially query this server, leading to cascading data exposure or unauthorized incident manipulation if agent-to-agent trust is unconstrained.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).