AgentReadyHomeAgent Listing

← Glassnode MCP

Glassnode MCP — agentic threat model

5.9AIVSS 5.9 · Medium

The Glassnode MCP agent acts as a read-only data connector for institutional-grade financial metrics, presenting low direct agentic risk but introducing potential financial decision-making risks if its analytical outputs are manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 0.89Factor sum 2.0/10Threat ×0.95Mitigation ×0.95
Autonomy of Action
0.20
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.10
Contextual Awareness
0.40
Dynamic Identity
0.20
Multi-Agent Interactions
0.30
Non-Determinism
0.20
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified; however, it is vulnerable to prompt injection that could cause the agent to misinterpret or misrepresent the retrieved financial metrics to the user.

L2 · Data Operations✓ mapped

The agent retrieves structured on-chain metrics and market intelligence articles via the Glassnode API. Threats include data manipulation if the upstream API is compromised, or local caching/exfiltration of sensitive paid market data.

L3 · Agent Frameworks✓ mapped

The agent uses the Model Context Protocol (MCP) to expose tools for bulk multi-asset fetching. Threats include tool misuse where malicious prompts force excessive API calls, exhausting rate limits or paid API quotas.

L4 · Deployment & Infrastructure✓ mapped

The agent requires an API key to access paid Glassnode analytics. The primary threat is the insecure storage or exposure of this API key within the host environment or during transit.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, telemetry, or guardrails to monitor query volumes, detect anomalous data retrieval patterns, or verify the integrity of the returned financial metrics.

L6 · Security & Compliance (cross-cutting)✓ mapped

Access control is gated via a standard API key (with a 30-day limit for the free tier). There is no evidence of fine-grained role-based access control (RBAC) or compliance auditing for data usage within the agent itself.

L7 · Agent Ecosystem✓ mapped

Designed to feed analytical data into other agents' decision-making pipelines. A compromised or manipulated Glassnode agent could feed poisoned market intelligence to downstream trading or execution agents, causing cascading financial losses.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).