mermaid-preview — agentic threat model

AIVSS 6.4 · Medium

The mermaid-preview agent acts as a local Claude Code plugin that automatically triggers browser previews on file edits, introducing local network and browser-based attack surfaces through file system hooks and local web serving.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.1 · AARS uplift 0.66 · Factor sum 1.6/10 · Threat ×1.05 · Mitigation ×0.95

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.20
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The plugin relies on Claude Code's underlying foundation model to generate or modify Mermaid diagrams, but does not directly manage or fine-tune the model itself.

L2 · Data Operations ✓ mapped

The agent operates directly on local files containing Mermaid syntax during Write/Edit/MultiEdit/NotebookEdit actions, meaning local data integrity and file path traversal are the primary data operations risks.

L3 · Agent Frameworks ✓ mapped

Hooks into Claude Code's file modification events to trigger tool execution. Insecure tool integration could allow an attacker to craft malicious file contents that execute arbitrary code or launch unauthorized local browser sessions.

L4 · Deployment & Infrastructure ✓ mapped

Launches a local browser and serves files locally. This creates a local network surface (e.g., local port binding) that could be vulnerable to cross-site scripting (XSS) or local file inclusion if the server does not properly sanitize served paths.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, auditing, or guardrails to monitor what files are being served or to detect malicious HTML/JS injection within the Mermaid diagrams.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The plugin runs locally within the user's development environment without explicit authentication, authorization, or compliance controls mentioned in the directory listing.

L7 · Agent Ecosystem ✓ mapped

Operates as a plugin within the Claude Code ecosystem. If Claude Code is compromised or executes untrusted workspace code, this plugin will automatically render and execute the output, potentially leading to local drive-by attacks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).