datadog — agentic threat model

AIVSS 7.5 · High

This agent acts as an MCP server bridging Claude Code to Datadog, presenting a high-value target due to its direct access to sensitive telemetry, logs, and dashboards, though its risk is primarily read-heavy rather than write-heavy.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.43 · Factor sum 3.9/10 · Threat ×1.05 · Mitigation ×0.95
Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.20
Contextual Awareness: 0.70
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — relies on Claude Code's underlying foundation model. Threats include prompt injection hijacking the MCP tool-calling mechanism to execute unauthorized queries.

L2 · Data Operations · ✓ mapped

The agent queries live logs, metrics, traces, and dashboards. The primary threat is data exfiltration of sensitive PII, credentials, or proprietary system architecture contained within Datadog telemetry.

L3 · Agent Frameworks · ✓ mapped

Utilizes the Model Context Protocol (MCP) framework. Vulnerabilities include insecure tool integration where Claude Code may be tricked into executing overly broad or malicious queries against the Datadog API.

L4 · Deployment & Infrastructure · ✓ mapped

The MCP server runs locally or in the user's environment alongside Claude Code. Threats include exposure of the Datadog API keys/credentials used to authenticate the MCP server.

L5 · Evaluation & Observability · ✓ mapped

While the agent's purpose is observability, there is a risk of self-referential blind spots if the agent is used to monitor the very system running it, or if query limits/throttling are not enforced.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — security depends heavily on the local configuration of the MCP host and the specific IAM permissions assigned to the Datadog API key used by the plugin.

L7 · Agent Ecosystem · ✓ mapped

Operates in a multi-agent/tool ecosystem where Claude Code orchestrates the Datadog MCP server. A compromise of Claude Code or another active plugin could lead to lateral abuse of the Datadog connection.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).