
delano/postman-mcp-server — agentic threat model

AIVSS 9.2 · Critical

The delano/postman-mcp-server presents a high-risk profile due to its direct access to Postman API keys, workspaces, and potentially sensitive collection secrets. Compromise of this agent could lead to unauthorized external API execution and widespread credential exposure across integrated environments.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base:      8.5
AARS uplift:    0.72
Factor sum:     4.6 / 10
Threat (ThM):   ×1.05
Mitigation:     ×1.0

Agentic risk factors:
Autonomy of Action         0.60
Goal-Driven Planning       0.40
Self-Modification          0.10
Dynamic Tool Use           0.80
Persistent Memory          0.30
Contextual Awareness       0.50
Dynamic Identity           0.60
Multi-Agent Interactions   0.40
Non-Determinism            0.50
Opacity & Reflexivity      0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
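To check the numbers in the rationale above, here is an added Python example (not part of this listing or of the OWASP calculator) that implements the formula exactly as stated on this page over the ten factors listed; the qualitative severity bands are an assumption borrowed from CVSS v3 ratings, and the "tool scoping" what-if at the end uses a constructed factor value.

```python
"""Reproduce the AIVSS score on this listing from its published inputs."""

# Agentic risk factors exactly as listed on the page (each scored 0.0 to 1.0).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}

def factor_sum(factors):
    """Sum the ten agentic factors, rejecting any value outside [0, 1]."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} is outside [0, 1]")
    return sum(factors.values())

def aars(cvss_base, factors, threat_multiplier):
    """AARS uplift = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, as given on the page."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier

def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to two decimals."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within [0, 10]")
    score = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(score, 10.0), 2)  # the uplift can never push a score past 10

def severity(score):
    """Qualitative band; CVSS v3-style thresholds assumed here, not taken from the page."""
    bands = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
    return next((label for floor, label in bands if score >= floor), "None")

if __name__ == "__main__":
    # Inputs shown on the listing: CVSS base 8.5, threat multiplier 1.05, mitigation 1.0.
    score = aivss(8.5, AGENTIC_FACTORS, threat_multiplier=1.05, mitigation_factor=1.0)
    print(f"AIVSS {score:.1f} ({severity(score)})")  # AIVSS 9.2 (Critical)
    # Constructed what-if: same agent with Dynamic Tool Use lowered after scoping its tools.
    scoped = dict(AGENTIC_FACTORS, **{"Dynamic Tool Use": 0.40})
    print(f"with tool scoping: {aivss(8.5, scoped, 1.05):.2f}")
```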

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The MCP server is model-agnostic and does not specify a foundation model, though adversarial prompt injection on the orchestrating LLM could lead to unauthorized tool execution.

L2 · Data Operations (✓ mapped)

Handles highly sensitive data operations by accessing Postman collections, environment variables, and API definitions which frequently contain hardcoded secrets, API keys, and proprietary endpoint schemas.

L3 · Agent Frameworks (✓ mapped)

Exposes powerful capabilities to agent frameworks, creating risks of tool misuse where an agent might delete workspaces, modify collections maliciously, or leak sensitive API keys during execution.

L4 · Deployment & Infrastructure (✓ mapped)

Requires secure hosting and strict secrets management for the Postman API keys. Compromise of the hosting environment directly exposes these credentials and the connected Postman account.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, auditing, or guardrails to monitor and restrict the API actions the agent performs via the MCP server.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Relies entirely on the provided Postman API key for authorization. It lacks granular, agent-specific access controls, meaning the agent inherits the full permissions of the API key holder.

L7 · Agent Ecosystem (✓ mapped)

As an MCP server, it is designed to integrate into broader agent ecosystems, introducing risks of cascading failures or lateral movement if a compromised agent calls this server to exfiltrate workspace data.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).