
Moclaw — agentic threat model

AIVSS 9.3 · Critical

Moclaw presents a high-risk profile due to its autonomous browser-control capabilities running on a dedicated cloud computer, making it highly susceptible to indirect prompt injection and host compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5 · AARS uplift: 0.83 · Factor sum: 5.3/10 · Threat multiplier (ThM): ×1.05 · Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.40
Contextual Awareness: 0.60
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.10
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
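The score rationale above can be reproduced by carrying the AIVSS formula through with the ten factor values the listing gives. The following is an added worked example, not code from AgentReadyHome or the AIVSS calculator; the factor values, CVSS base, ThM and mitigation factor are the page's, while the severity bands and the cap at 10.0 are assumptions.

```python
from dataclasses import dataclass

# The ten OWASP AIVSS agentic risk factors exactly as the listing scores Moclaw (0.0 to 1.0 each)
MOCLAW_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.50,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}

@dataclass
class AivssResult:
    factor_sum: float
    aars: float
    score: float
    severity: str

def severity_band(score: float) -> str:
    # Assumption: the CVSS v3.x qualitative bands are applied to the AIVSS score
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"

def compute_aivss(cvss_base: float, factors: dict, threat_multiplier: float,
                  mitigation_factor: float) -> AivssResult:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor,
    where AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten agentic factors, each scored in [0, 1]")
    factor_sum = sum(factors.values())
    # AARS scales the headroom left above the CVSS base by the averaged factor and the threat multiplier
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    # Assumption: clamp at 10.0, since a ThM above 1 can push the raw product past the scale
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    return AivssResult(factor_sum, aars, score, severity_band(score))

if __name__ == "__main__":
    r = compute_aivss(8.5, MOCLAW_FACTORS, threat_multiplier=1.05, mitigation_factor=1.0)
    print(f"factor sum {r.factor_sum:.1f}/10, AARS {r.aars:.2f}, AIVSS {r.score:.1f} ({r.severity})")
```

Lowering the mitigation factor (for example, by adding isolation and monitoring controls) is the only lever in this formula that reduces the final score without changing the CVSS base or the agent's inherent capabilities.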

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM is not specified. However, the model is highly vulnerable to indirect prompt injection from untrusted web content parsed during deep research, which could hijack browser control.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — No details on vector databases or RAG pipelines are provided. However, multi-source research implies ingestion of untrusted web data, risking data poisoning or exfiltration via rendering.

L3 · Agent Frameworks (✓ mapped)

The agent framework orchestrates browser automation, form filling, and scheduled tasks. Threats include tool misuse, where the agent is manipulated into executing malicious actions, clicking harmful links, or submitting sensitive data to unauthorized endpoints.

L4 · Deployment & Infrastructure (✓ mapped)

The agent operates on a dedicated cloud computer. This introduces significant infrastructure threats, including container/host compromise, browser sandbox escapes, and unauthorized lateral movement if the cloud instance is not strictly isolated.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No monitoring, logging, or guardrail mechanisms are mentioned. The lack of observability makes it difficult to detect if the autonomous browser has been compromised or is executing malicious workflows.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No compliance certifications (such as SOC2) or explicit identity and access management controls are detailed for securing the user's credentials or session states on the cloud computer.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — There is no indication of multi-agent coordination or marketplace integrations in the current feature set.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).