← Hedera Mirror Node MCP Server
Hedera Mirror Node MCP Server — agentic threat model
The Hedera Mirror Node MCP Server presents a very low agentic risk posture due to its strictly read-only nature, lack of private key access, and reliance on public ledger data.
OWASP AIVSS score rationale
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.00 | |
| Contextual Awareness | 0.20 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.10 | |
| Opacity & Reflexivity | 0.20 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The underlying foundation model is not specified. Standard LLM risks like prompt injection could cause the agent to construct incorrect queries or misinterpret ledger data, but cannot trigger unauthorized transactions.
Data operations rely on public Hedera Mirror Node REST endpoints. The primary risk is data poisoning or spoofing at the API level, leading the agent to retrieve and present manipulated ledger state to the user.
The agent framework integrates read-only MCP tools. Insecure tool integration risks are minimal because the tool surface is strictly limited to public queries, preventing any state-changing actions or fund movement.
Not certain from the listing — Host and network security depend entirely on where the MCP server is deployed. Standard containerization and secure local transport (stdio/SSE) are recommended to prevent local privilege escalation.
Not certain from the listing — No built-in logging, evaluation, or guardrail mechanisms are mentioned. Monitoring should be implemented at the client or gateway level to track query volume and detect anomalous lookup patterns.
The tool is open source and free, with no built-in authentication or authorization mechanisms. Since it only accesses public, non-sensitive ledger data, compliance and identity requirements are minimal.
In a multi-agent ecosystem, other agents might rely on this agent's output to make financial decisions. If this agent is fed manipulated ledger data, it could propagate incorrect state information to downstream agents.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).