
mcp-shodan (w0h1v) — agentic threat model

AIVSS 7.8 · High

The mcp-shodan agent acts as a high-value target due to its handling of sensitive Shodan API keys and its role as an external data-injection vector, potentially allowing malicious network data to influence host agent behavior.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.8
AARS uplift: 0.96
Factor sum: 3.0 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0
Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.60
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.40
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
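The score above can be checked by hand from the listed inputs. The derivation below is added here as a worked example and is not part of the original listing; it uses only the formula and the values given above (CVSS base 6.8, the ten factor values, ThM 1.0, Mitigation_Factor 1.0).

$$
\text{Factor\_Sum} = 0.40 + 0.20 + 0.00 + 0.60 + 0.10 + 0.50 + 0.30 + 0.40 + 0.30 + 0.20 = 3.0
$$

$$
\text{AARS} = (10 - 6.8) \times \frac{3.0}{10} \times 1.0 = 3.2 \times 0.3 = 0.96
$$

$$
\text{AIVSS} = (6.8 + 0.96) \times 1.0 = 7.76 \approx 7.8
$$

The rounded result matches the published 7.8 (High). Note that because the multipliers are both 1.0, no credit is being taken for existing mitigations and no threat-landscape adjustment is applied; a deployment that adds logging, query allow-lists, or key isolation would lower Mitigation_Factor and therefore the final score.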

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The agent relies on external foundation models (e.g., Claude, Gemini) via host CLIs, making it susceptible to indirect prompt injection if malicious Shodan payloads reprogram the host model's behavior.

L2 · Data Operations (✓ mapped)

Acts as an external data retrieval pipeline. It introduces a significant data-injection surface, as untrusted network reconnaissance data, DNS records, or CVE descriptions returned from Shodan are fed directly into the host agent's context window.

L3 · Agent Frameworks (✓ mapped)

Integrates as an MCP tool within agent frameworks. Vulnerabilities include tool misuse (e.g., an LLM performing unauthorized scanning) and insecure handling of structured Shodan API responses within the orchestration layer.

L4 · Deployment & Infrastructure (✓ mapped)

Runs locally within terminal environments (Claude Code, Gemini CLI) or Claude Desktop. The primary infrastructure risk is the exposure and potential theft of the Shodan API key stored in local configuration files.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, auditing, or guardrails to monitor Shodan queries or detect anomalous scanning patterns initiated by the agent.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — As an open-source tool, it lacks enterprise-grade access controls, compliance certifications, or policy enforcement mechanisms beyond basic API key authentication.

L7 · Agent Ecosystem (✓ mapped)

Designed to operate across multiple agent ecosystems (Claude Code, Codex, Gemini CLI). This cross-framework compatibility increases the risk of cascading trust issues if a compromised agent leverages this tool to perform malicious reconnaissance.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).