

NIST Vulnerability MCP Server — agentic threat model

AIVSS 5.0 · Medium

This agent acts as a read-only informational bridge to the NIST NVD database, presenting low inherent agentic risk due to its lack of write capabilities, though it could be used to feed vulnerability intelligence to malicious orchestrators.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 4.3
AARS uplift: 0.74
Factor sum: 1.3/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each weighted 0.0 to 1.0):

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.40
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
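As an added worked example (not part of the listing or of the AIVSS calculator's own code), the score above recomputed in Python from the inputs published here. The only assumption beyond the page's formula is that the qualitative band follows the CVSS-style Low/Medium/High/Critical thresholds and that the result is capped at 10.

```python
# Added example: recomputes the OWASP AIVSS score shown on this listing.
# Formula (from the page):
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# Assumed, not stated on the page: CVSS-style severity bands and a cap at 10.

# The ten agentic risk factors exactly as weighted in the listing above.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.10,
    "Opacity & Reflexivity": 0.10,
}


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return factor_sum, AARS and AIVSS (rounded as the listing displays them)."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} outside 0..10")
    for name, weight in factors.items():
        if not 0.0 <= weight <= 1.0:
            raise ValueError(f"{name}: factor weight {weight} outside 0..1")
    factor_sum = sum(factors.values())
    # AARS can only add the headroom the base score leaves (10 - base),
    # scaled by how agentic the system is and by the threat multiplier.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    aivss = min(10.0, (cvss_base + aars) * mitigation_factor)  # cap assumed
    return {
        "factor_sum": round(factor_sum, 2),
        "aars": round(aars, 2),
        "aivss": round(aivss, 1),
    }


def severity_band(score):
    """Qualitative band; assumed to follow the CVSS v3 thresholds."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


if __name__ == "__main__":
    result = aivss_score(4.3, AGENTIC_FACTORS)
    print(result, severity_band(result["aivss"]))
```

Raising every factor to 1.0 shows the ceiling: AARS then equals the full 10 − CVSS_Base headroom, so even a medium base score saturates at 10.0.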

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The MCP server itself does not specify a foundation model, but the consuming agent's LLM is susceptible to prompt injection that could manipulate how CVE data is interpreted or presented.

L2 · Data Operations (✓ mapped)

The agent queries the external NIST NVD API. Threats include upstream data poisoning of the NVD or man-in-the-middle attacks altering the returned vulnerability intelligence before it reaches the agent context.

L3 · Agent Frameworks (✓ mapped)

As an MCP server, it exposes tools for CVE lookup and product queries. Risks include insecure tool integration where an orchestrating agent passes unsanitized inputs to the MCP tool, potentially causing denial of service or unexpected behavior.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment infrastructure of this MCP server is host-dependent. If run locally without sandboxing, vulnerabilities in the server code or its dependencies could lead to local host compromise.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, rate-limiting, or validation guardrails for the API requests made to the NIST NVD, creating potential blind spots in usage monitoring.

L6 · Security & Compliance, cross-cutting (✓ mapped)

The tool is open source and free, with no explicit authentication, authorization, or compliance controls mentioned in the listing to restrict who can query the server or how the data is audited.

L7 · Agent Ecosystem (✓ mapped)

Designed to surface vulnerability intelligence into broader agent contexts. A compromised or rogue orchestrator agent could abuse this tool to automatically scan and identify zero-day or unpatched exposures in a target environment.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).