Paradex MCP — agentic threat model

AIVSS 9.9 · Critical

Paradex MCP represents an extremely high-risk financial agentic surface due to its ability to execute real-money trades and manage vaults. Without robust external guardrails, human-in-the-loop confirmations, and secure credential handling, it is highly vulnerable to prompt injection and unauthorized financial exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.8 · AARS uplift 0.12 · Factor sum 5.3/10 · Threat ×1.1 · Mitigation ×1.0

Autonomy of Action: 0.80
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.40
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The foundation model layer is external to this MCP connector. However, prompt injection or adversarial inputs to the orchestrating LLM could trick it into executing unauthorized trades or draining vaults via this tool.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The connector retrieves market data and account balances, but vector stores or RAG pipelines are not specified. Poisoned market data feeds could manipulate trading decisions.

L3 · Agent Frameworks ✓ mapped

The MCP framework exposes highly sensitive tools (order placement, vault management). Insecure tool integration or lack of strict input validation on parameters like order size or asset type could lead to catastrophic financial loss.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting environment for the MCP server is unspecified. If deployed insecurely, API keys and private credentials for the Paradex platform could be exposed in plaintext.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No built-in logging, guardrails, or anomaly detection are mentioned. Without transaction monitoring, unauthorized or anomalous trades may go unnoticed until funds are depleted.

L6 · Security & Compliance (cross-cutting) ✓ mapped

The listing highlights that credentials, order-confirmation, and injection resistance are critical. There is no evidence of built-in Human-in-the-Loop (HITL) enforcement or multi-sig authorization for high-value transactions.
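
One way to enforce the parameter validation raised under L3 and the human-in-the-loop confirmation raised under L6, as an added example that is not Paradex MCP code. The `place_order` tool name, its field names, the market symbols and the limits are all assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Every name and limit here is an assumption for illustration, not Paradex's API.
ALLOWED_MARKETS = {"BTC-USD-PERP", "ETH-USD-PERP"}  # constructed allowlist
ALLOWED_FIELDS = {"market", "side", "size", "limit_price"}
MAX_NOTIONAL = Decimal("50000")    # hard cap per order; approval cannot lift it
HITL_THRESHOLD = Decimal("1000")   # above this a human must approve

@dataclass(frozen=True)
class Decision:
    action: str  # "allow", "confirm" or "deny"
    reason: str

def _dec(value):
    """Return a finite, positive Decimal parsed from a string, else None."""
    if not isinstance(value, str):
        return None  # floats and ints are rejected: amounts must be exact text
    try:
        d = Decimal(value)
    except InvalidOperation:
        return None
    return d if d.is_finite() and d > 0 else None  # drops NaN, Infinity, <= 0

def gate_order(args: dict, approved_by_human: bool = False) -> Decision:
    """Check a hypothetical place_order tool call before it reaches the exchange."""
    extra = set(args) - ALLOWED_FIELDS
    if extra:
        return Decision("deny", f"unexpected fields: {sorted(extra)}")
    market = args.get("market")
    if not isinstance(market, str) or market not in ALLOWED_MARKETS:
        return Decision("deny", "market not on allowlist")
    if args.get("side") not in ("BUY", "SELL"):
        return Decision("deny", "invalid side")
    size, price = _dec(args.get("size")), _dec(args.get("limit_price"))
    if size is None or price is None:
        return Decision("deny", "size and limit_price must be positive decimals")
    notional = size * price
    if notional > MAX_NOTIONAL:
        return Decision("deny", f"notional {notional} exceeds hard cap")
    if notional > HITL_THRESHOLD and not approved_by_human:
        return Decision("confirm", f"notional {notional} needs human approval")
    return Decision("allow", f"notional {notional} within policy")
```

The gate belongs outside the model's control, between the MCP client and the connector, with `approved_by_human` set only by an out-of-band confirmation step and never by model output.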

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — While designed as an MCP tool, if integrated into a multi-agent ecosystem, a compromised secondary agent could abuse trust to trigger unauthorized trade executions through this connector.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).