mcp-shodan (ADEOSec) — agentic threat model

AIVSS 8.3 · High

The mcp-shodan agent presents a moderate-to-high risk profile due to its handling of sensitive threat intelligence API keys and its ability to perform active network reconnaissance and alert management, which could be abused via prompt injection from untrusted external data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.85
Factor sum: 3.4/10
Threat: ×1.0
Mitigation: ×1.0

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.60
Multi-Agent Interactions: 0.20
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified, but the 11 consolidated analysis prompts are vulnerable to indirect prompt injection if external data returned from Shodan or VirusTotal contains adversarial payloads.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — It is unclear if the server caches or stores query results locally, but processing external threat intelligence data introduces a risk of data poisoning or injection into the analyst's context.

L3 · Agent Frameworks ✓ mapped

The agent framework exposes 11 consolidated prompts for host lookup, DNS operations, and alert management. Insecure tool integration or lack of input validation on these prompts could allow an attacker to trigger unauthorized network scans or manipulate alerts.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The deployment environment is not detailed, but the server must securely store and access two sensitive API keys (Shodan and VirusTotal), presenting a high-value target for credential theft.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, auditing, or guardrails to monitor and restrict the types of queries or hosts being scanned through the MCP server.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The tool lacks defined access control policies or authentication mechanisms to verify which users or upstream agents are authorized to execute reconnaissance commands.

L7 · Agent Ecosystem ✓ mapped

As an MCP server, this agent is built to integrate directly into larger agentic ecosystems, meaning a compromise or manipulation of this tool can propagate to other connected orchestrators and decision-making agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).