Nuclei — agentic threat model
Nuclei as an MCP tool grants LLMs direct network scanning, protocol execution, and custom code execution capabilities, creating a high-risk vector for unauthorized scanning, server-side request forgery (SSRF), and network-based attacks if the agent is manipulated.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.90 | |
| Persistent Memory | 0.20 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.40 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description does not pin that layer down.
Layer 1, Foundation Models: Not certain from the listing — the underlying LLM is not specified, but whichever model drives the agent is exposed to prompt injection attacks that could trick it into scanning unauthorized targets or executing malicious YAML templates.
Layer 2, Data Operations: Not certain from the listing — however, the agent retrieves and processes raw scan results, vulnerability reports, and community templates, so result injection and malicious template ingestion are risks.
Layer 3, Agent Frameworks: The MCP wrapper exposes powerful scanning, template management, and result retrieval tools. Insecure tool integration could allow an attacker to bypass target scope restrictions or execute arbitrary code via Nuclei's 'code' protocol support.
Layer 4, Deployment & Infrastructure: Not certain from the listing — the deployment environment requires strict network sandboxing and egress filtering to prevent the agent from being used to scan internal networks (SSRF) or to launch distributed denial-of-service (DDoS) attacks.
Layer 5, Evaluation & Observability: Not certain from the listing — there is no mention of built-in guardrails, logging of executed scan targets, or evaluation mechanisms to detect when the agent is being misused for unauthorized reconnaissance.
Layer 6, Security & Compliance: Not certain from the listing — the tool lacks native authorization policies, target whitelisting, or rate-limiting controls; these must be implemented externally to prevent the regulatory and legal violations associated with unauthorized scanning.
Layer 7, Agent Ecosystem: In a multi-agent setup, other compromised or rogue agents could abuse the Nuclei agent to perform network reconnaissance, exploit discovered vulnerabilities, or exfiltrate sensitive network topology data.
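The external controls the threat model calls for above (egress restriction, target allowlisting, refusal of `code`-protocol templates, and logging of every scan target) can be enforced in the MCP wrapper before Nuclei is ever invoked. The policy gate below is an added example, not code from Nuclei or from the MCP wrapper the listing describes; the scope values (ALLOWED_HOSTS, ALLOWED_NETS), the `authorize_scan` entry point and the top-level-key template check are assumptions.

```python
import ipaddress
import logging
import re
from urllib.parse import urlsplit

log = logging.getLogger("nuclei-gate")
# Constructed scope (assumption): the only hosts/networks this agent may scan.
ALLOWED_HOSTS = {"scanme.example.com"}
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Never reachable regardless of allowlist: loopback, RFC 1918, link-local (cloud metadata), CGNAT, ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
ALLOW_CODE_TEMPLATES = False  # the `code` protocol runs local commands; off by default

class PolicyViolation(Exception):
    """Raised when a tool call falls outside the agent's authorised scope."""

def check_target(target: str) -> str:
    """Return the host if it is in scope; raise PolicyViolation otherwise."""
    # Accept bare host, host:port, [v6]:port or full URL forms.
    host = urlsplit(target if "://" in target else "nuclei://" + target).hostname
    if not host:
        raise PolicyViolation(f"unparseable target {target!r}")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # DNS name: exact allowlist match; resolve and re-check at scan time against rebinding
        if host not in ALLOWED_HOSTS:
            raise PolicyViolation(f"host {host!r} not in allowlist")
        return host
    if any(ip in net for net in INTERNAL_NETS):
        raise PolicyViolation(f"{ip} is an internal address")
    if not any(ip in net for net in ALLOWED_NETS):
        raise PolicyViolation(f"{ip} is outside the allowlisted networks")
    return host

def check_template(template_yaml: str) -> None:
    """Refuse templates using the `code` protocol unless explicitly enabled."""
    # Cheap top-level-key check; a full YAML parse is the robust version.
    if not ALLOW_CODE_TEMPLATES and re.search(r"^code:\s*$", template_yaml, re.M):
        raise PolicyViolation("template uses the code protocol, which is disabled")

def authorize_scan(target: str, template_yaml: str) -> bool:
    """Gate one scan request and log every decision for audit."""
    try:
        host = check_target(target)
        check_template(template_yaml)
    except PolicyViolation as exc:
        log.warning("DENY target=%r reason=%s", target, exc)
        return False
    log.info("ALLOW host=%s", host)
    return True
```

Run the gate on every tool call that names a target or supplies a template, and keep the deny log alongside the scan output so misuse attempts are visible rather than silently dropped.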
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).