loc-guardian — agentic threat model
loc-guardian runs as a Claude Code plugin hooked directly into the file-write path. If the tools it shells out to or the LLM-generated extraction plans it acts on are compromised, the exposure is local file modification, denial of service through the write gate, or command injection.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.30 | |
| Persistent Memory | 0.10 | |
| Contextual Awareness | 0.40 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.30 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers the public description did not pin down.
Layer 1 (Foundation Models): Uses Claude Opus to generate extraction plans. Threats include prompt injection or adversarial inputs that manipulate the model into generating malicious, corrupted, or syntactically invalid code-splitting plans.
Layer 2 (Data Operations): Reads local codebase files to count lines of code and analyze structure. While it does not use a vector database, malicious local files could exploit parser vulnerabilities in the LOC counter or the LLM context window.
Layer 3 (Agent Frameworks): Integrates with the external tool 'tokei' and runs as a write/edit hook. If file paths or shell executions are not properly sanitized, this integration could lead to local command injection or unauthorized file system traversal.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — The plugin runs locally within the user's Claude Code environment. Sandboxing and privilege isolation depend entirely on the host system and the parent Claude Code execution environment.
Layer 5 (Evaluation and Observability): Not certain from the listing — Beyond flagging LOC violations on write, there is no mention of security logging, audit trails, or anomaly detection to monitor if the plugin is bypassed or abused.
Layer 6 (Security and Compliance): Not certain from the listing — Enforces a basic compliance policy (LOC limits), but lacks built-in identity, authorization, or access control mechanisms, relying instead on the host operating system's file permissions.
Layer 7 (Agent Ecosystem): Operates as a single-agent plugin within Claude Code. There are no multi-agent interactions or marketplace dependencies described, limiting ecosystem-level cascading risks.
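The Agent Frameworks layer above names the two concrete mitigations a write-gating hook of this kind needs: file paths confined to the project root, and the tokei invocation built as an argv list rather than a shell string. The following is an added example written for this page, not loc-guardian's own code. It assumes the hook receives the path of the file about to be written plus the proposed contents; the project root, the 300-line limit, the in-process line counter, and the tokei JSON field layout (`Total`/`code`) are assumptions labelled in the comments.

```python
"""Hardened write-gate for a LOC-limit hook (added example, not loc-guardian's code).

Assumptions (not from the listing): the hook receives the path of the file
about to be written plus its proposed contents, and must (1) refuse paths
outside the project root, (2) never pass the path through a shell, and
(3) report whether the write would exceed a configured LOC limit.
"""
from __future__ import annotations

import json
import shutil
import subprocess
from pathlib import Path

MAX_LOC = 300  # constructed limit for the demo


def resolve_in_root(user_path: str, root: str | Path) -> Path:
    """Resolve a hook-supplied path and reject anything outside the project root.

    Absolute paths, '..' segments and symlinks are all collapsed by resolve();
    relative_to() then fails unless the final location is under root.
    """
    root = Path(root).resolve()
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"refusing path outside project root: {user_path!r}")
    return candidate


def count_code_lines(text: str) -> int:
    """In-process count of non-blank lines that are not '#' comments.

    Lets the gate score the *proposed* contents before anything touches disk.
    It is a plain approximation, not tokei's language-aware parser.
    """
    return sum(1 for line in text.splitlines()
               if line.strip() and not line.lstrip().startswith("#"))


def tokei_argv(target: str | Path) -> list[str]:
    """Build the tokei invocation as an argv list.

    No shell is involved, so spaces or metacharacters in the file name reach
    tokei as a single argument; '--' stops option parsing for names that
    begin with '-'.
    """
    return ["tokei", "--output", "json", "--", str(target)]


def count_existing_file(target: Path) -> int:
    """Count code lines of a file already on disk, via tokei when installed."""
    if shutil.which("tokei") is None:
        return count_code_lines(target.read_text())
    proc = subprocess.run(tokei_argv(target), capture_output=True,
                          text=True, check=True)
    report = json.loads(proc.stdout)
    # Assumption: tokei's JSON report carries a "Total" summary with a "code" field.
    return int(report["Total"]["code"])


def gate_write(user_path: str, proposed: str, root: str | Path,
               max_loc: int = MAX_LOC) -> tuple[bool, str]:
    """Decide whether a proposed write may proceed. Returns (allowed, reason)."""
    try:
        target = resolve_in_root(user_path, root)
    except PermissionError as exc:
        return False, str(exc)
    loc = count_code_lines(proposed)
    if loc > max_loc:
        return False, f"{target.name}: {loc} lines of code exceeds limit {max_loc}"
    return True, f"{target.name}: {loc} lines of code within limit {max_loc}"


if __name__ == "__main__":
    import tempfile

    demo_root = tempfile.mkdtemp()
    # constructed sample: 5 code lines, one comment line, two blank lines
    small = "import os\n\n# helper\ndef f():\n    return 1\n\ndef g():\n    return 2\n"
    print(gate_write("src/a.py", small, demo_root, max_loc=10))
    print(gate_write("../outside.py", small, demo_root))
    print(gate_write("src/big.py", "x = 1\n" * 20, demo_root, max_loc=10))
```

The contrast worth noting is the string form `subprocess.run("tokei " + path, shell=True)`: there the file name is parsed by the shell, so the path check and the argv list together are what remove the command-injection and traversal paths the layer description flags. The in-process counter also means the gate never has to write the proposed contents to disk before deciding.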
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).