
Peekaboo — agentic threat model

AIVSS 8.4 · High

Peekaboo presents a high-risk profile due to its ability to capture arbitrary macOS screen content and manage windows, exposing sensitive, unrelated application data to upstream LLMs without built-in filtering or consent boundaries.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8
AARS uplift: 0.65
Factor sum: 2.8/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0
Agentic risk factors (each 0.0 to 1.0):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.00
Contextual Awareness: 0.80
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.40
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
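The score above can be reproduced from the formula and the ten factor values the listing gives. The following is an added worked example, not code from AgentReady or from the OWASP AIVSS calculator; it applies the quoted formula as written, and the qualitative bands (High = 7.0 to 8.9) are an assumption modelled on the CVSS v3 scale, since the page only shows the label "High".

```python
"""Worked AIVSS computation for the Peekaboo listing (added example).

Formula as quoted on the page:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""
from dataclasses import dataclass

# Factor values exactly as listed on the page for Peekaboo.
PEEKABOO_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.20,
}


@dataclass(frozen=True)
class AivssResult:
    cvss_base: float
    factor_sum: float
    aars: float
    score: float
    severity: str


def severity_band(score: float) -> str:
    """Assumed qualitative bands (CVSS v3.x style); not taken from the page."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def aivss(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> AivssResult:
    """Compute the AIVSS score from a CVSS base and ten agentic factors."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1]")
    factor_sum = sum(factors.values())
    # AARS fills part of the headroom above the CVSS base; with ThM > 1 the
    # uplift can exceed that headroom, so the final score is capped at 10.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    raw = (cvss_base + aars) * mitigation_factor
    score = min(10.0, round(raw, 1))
    return AivssResult(cvss_base, round(factor_sum, 2), round(aars, 2),
                       score, severity_band(score))


def peekaboo_score() -> AivssResult:
    """The page's own inputs: CVSS base 7.8, ThM 1.05, mitigation 1.0."""
    return aivss(7.8, PEEKABOO_FACTORS, threat_multiplier=1.05, mitigation_factor=1.0)


if __name__ == "__main__":
    r = peekaboo_score()
    print(f"factor sum {r.factor_sum}, AARS {r.aars}, AIVSS {r.score} ({r.severity})")
```

Running it gives factor sum 2.8, AARS 0.65 and AIVSS 8.4 (High), matching the listing. Lowering the mitigation factor (for example to reflect added confirmation prompts or redaction) is the only term in the formula that reduces the score without changing the CVSS base.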

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Peekaboo acts as an MCP tool rather than a model, but the upstream vision models performing the 'on-image analysis' are highly susceptible to visual prompt injection and adversarial images displayed on the user's screen.

L2 · Data Operations · ✓ mapped

Data operations involve transient screen capture and window state data. The primary threat is the accidental ingestion and potential exfiltration of highly sensitive, unredacted PII, credentials, or proprietary data visible in adjacent, unrelated application windows.

L3 · Agent Frameworks · ✓ mapped

As an MCP tool, insecure integration into an agent framework could allow an orchestrator to be manipulated into executing unauthorized window management actions or capturing screenshots at sensitive moments.

L4 · Deployment & Infrastructure · ✓ mapped

The tool runs locally on macOS and requires OS-level Screen Recording and Accessibility permissions. Compromise of the local MCP host or socket allows complete, silent visual surveillance of the user's active session.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there are no mentioned guardrails, automated redaction capabilities, or audit logging mechanisms to monitor when screenshots are taken or to mask sensitive fields before analysis.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Lacks native authorization policies, user-confirmation prompts (Human-in-the-Loop), or compliance controls, creating significant compliance friction regarding data privacy regulations like GDPR and CCPA.
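The controls L5 and L6 say are missing (a capture scope narrower than the whole screen, a human-in-the-loop confirmation, and an audit record of every capture request) can be placed in front of the tool call by the MCP host rather than inside the tool. The following is an added illustration of such a gate; it is not Peekaboo's code and not an MCP SDK API. The tool name `capture_window`, the request fields, the `confirm` callback and the app names in the demo are all hypothetical, and the audit log is hash-chained so that a removed or edited earlier entry is detectable.

```python
"""Policy gate for screen-capture tool calls (added example, hypothetical API)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional
import hashlib
import json


@dataclass(frozen=True)
class CaptureRequest:
    requester: str              # id of the agent issuing the tool call
    tool: str                   # hypothetical tool name, e.g. "capture_window"
    target_app: Optional[str]   # app whose window is wanted; None means whole screen


@dataclass
class CapturePolicy:
    allowed_apps: frozenset        # only windows of these apps may be captured
    trusted_requesters: frozenset  # agents permitted to invoke the capture tool at all
    require_confirmation: bool = True
    audit_log: list = field(default_factory=list)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _entry_hash(entry: dict) -> str:
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def _audit(policy: CapturePolicy, req: CaptureRequest, decision: Decision, when: datetime) -> None:
    """Append one record; 'prev' chains it to the hash of the previous record."""
    prev = _entry_hash(policy.audit_log[-1]) if policy.audit_log else "0" * 64
    policy.audit_log.append({
        "ts": when.isoformat(),
        "requester": req.requester,
        "tool": req.tool,
        "target_app": req.target_app,
        "allowed": decision.allowed,
        "reason": decision.reason,
        "prev": prev,
    })


def gate(req: CaptureRequest, policy: CapturePolicy,
         confirm: Callable[[CaptureRequest], bool],
         when: Optional[datetime] = None) -> Decision:
    """Decide whether a capture request may proceed; every decision is audited."""
    when = when or datetime.now(timezone.utc)
    if req.requester not in policy.trusted_requesters:
        # L7: a secondary agent in the ecosystem must not be able to pull screen data.
        decision = Decision(False, "requester not trusted to capture screen content")
    elif req.target_app is None:
        # L2: refuse whole-screen capture so adjacent, unrelated windows are never ingested.
        decision = Decision(False, "full-screen capture refused; name a target app")
    elif req.target_app not in policy.allowed_apps:
        decision = Decision(False, f"app {req.target_app!r} not in capture allow-list")
    elif policy.require_confirmation and not confirm(req):
        # L6: human-in-the-loop prompt; the callback is whatever UI the host provides.
        decision = Decision(False, "user declined capture")
    else:
        decision = Decision(True, "allowed")
    _audit(policy, req, decision, when)
    return decision


def verify_audit_log(log: list) -> bool:
    """True only if every record's 'prev' matches the hash of the record before it."""
    expected = "0" * 64
    for entry in log:
        if entry["prev"] != expected:
            return False
        expected = _entry_hash(entry)
    return True


def demo() -> list:
    """Constructed requests against a constructed policy; returns the allow flags."""
    policy = CapturePolicy(allowed_apps=frozenset({"Notes"}),
                           trusted_requesters=frozenset({"planner"}))
    always_yes = lambda _r: True
    requests = [
        CaptureRequest("planner", "capture_window", "Notes"),        # allowed
        CaptureRequest("planner", "capture_window", None),           # whole screen: denied
        CaptureRequest("planner", "capture_window", "Mail"),         # not allow-listed: denied
        CaptureRequest("other-agent", "capture_window", "Notes"),    # untrusted caller: denied
    ]
    flags = [gate(r, policy, always_yes).allowed for r in requests]
    assert verify_audit_log(policy.audit_log)
    return flags


if __name__ == "__main__":
    print(demo())  # [True, False, False, False]
```

The gate runs in the host process, so the capture tool itself needs no changes; the audit log gives the L5 observability the listing notes is absent, and the chained hashes mean a compromised agent cannot quietly drop the record of a capture it triggered.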

L7 · Agent Ecosystem · ✓ mapped

In a multi-agent MCP ecosystem, a secondary compromised agent could query the Peekaboo tool to exfiltrate active session data, bypassing traditional application sandboxing boundaries via the shared desktop interface.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).