Mapbox MCP Server — agentic threat model

AIVSS 6.8 · Medium

The Mapbox MCP Server acts as a stateless tool provider exposing mapping and geocoding APIs, presenting moderate risk primarily centered around access token theft, financial abuse via billable API calls, and potential leakage of sensitive location data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 0.63 · Factor sum 1.8/10 · Threat ×1.0 · Mitigation ×0.95

Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The Mapbox MCP server is a tool provider and does not bundle its own foundation model; model-level threats depend entirely on the external orchestrating LLM.

L2 · Data Operations ✓ mapped

Handles sensitive location-data queries, geocoding requests, and routing coordinates. Risks include the exposure of user location history or proprietary spatial queries in transit.

L3 · Agent Frameworks ✓ mapped

Exposes tools via the Model Context Protocol (MCP). Vulnerable to tool misuse where an orchestrating agent executes excessive or unauthorized geocoding/routing API calls.

L4 · Deployment & Infrastructure ✓ mapped

Requires hosting the MCP server and storing a Mapbox access token. Risks include token theft from environment variables or configuration files, and unauthorized network access to the Mapbox API endpoints.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No built-in logging, rate-limiting, or cost-monitoring guardrails are mentioned to detect anomalous API consumption or token abuse.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Relies on Mapbox access-token authentication. Lack of fine-grained client-side authorization means any agent with access to the server can perform any billable action allowed by the token.

L7 · Agent Ecosystem ✓ mapped

Designed for integration into broader agentic workflows. A compromised or poorly configured parent agent could trigger cascading financial costs by looping billable Mapbox API calls.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).