
Postman MCP Server — agentic threat model

AIVSS 9.3 · Critical

The Postman MCP Server exposes highly sensitive API environments, collections, and workspaces to LLMs, presenting a high-risk vector for credential theft and unauthorized API execution if the agent is manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5 · AARS uplift: 0.76 · Factor sum: 4.6/10 · Threat multiplier (ThM): ×1.1 · Mitigation factor: ×1.0

Agentic risk factors (summed to give Factor_Sum):

Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.20
Contextual Awareness: 0.40
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
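A worked calculation of the score above, added here as an example and not part of the listing itself: it applies the AIVSS formula to the factor values and multipliers shown on this page, and the function and type names are my own.

```python
"""Worked OWASP AIVSS calculation for the Postman MCP Server listing.

Formula as stated on the page:
  AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
  AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""
from dataclasses import dataclass

# The ten AIVSS agentic risk factors, in the order the listing shows them.
AGENTIC_FACTORS = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# Factor ratings copied from the listing above (values are the page's).
POSTMAN_MCP_FACTORS = dict(zip(AGENTIC_FACTORS,
    (0.60, 0.50, 0.10, 0.90, 0.20, 0.40, 0.70, 0.30, 0.50, 0.40)))


@dataclass(frozen=True)
class AivssResult:  # hypothetical helper type, not an OWASP artefact
    factor_sum: float   # Factor_Sum in the formula
    aars: float         # Agentic AI Risk Score uplift
    aivss: float        # final score before display rounding


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Apply the AIVSS formula; rejects out-of-range or incomplete inputs."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    missing = set(AGENTIC_FACTORS) - set(factors)
    if missing:
        raise ValueError(f"missing agentic factors: {sorted(missing)}")
    if any(not 0.0 <= factors[n] <= 1.0 for n in AGENTIC_FACTORS):
        raise ValueError("each agentic factor must be rated in [0, 1]")
    factor_sum = sum(factors[n] for n in AGENTIC_FACTORS)
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    return AivssResult(factor_sum, aars, (cvss_base + aars) * mitigation_factor)


def score_postman_listing():
    """Reproduce the page's numbers: CVSS 8.5, ThM 1.1, mitigation 1.0."""
    return aivss_score(8.5, POSTMAN_MCP_FACTORS, threat_multiplier=1.1,
                       mitigation_factor=1.0)


if __name__ == "__main__":
    r = score_postman_listing()
    print(f"Factor sum {r.factor_sum:.1f}, AARS {r.aars:.2f}, AIVSS {r.aivss:.1f}")
```

Running it reproduces the listing's AARS uplift of 0.76 and AIVSS of 9.3 from the raw factor ratings.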

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM is not specified, but it is highly vulnerable to indirect prompt injection where malicious API documentation or collection descriptions could hijack model execution.

L2 · Data Operations (✓ mapped)

The agent interacts directly with Postman collections and environments. The primary risk is data exfiltration of sensitive environment variables, API keys, and bearer tokens stored within those environments.

L3 · Agent Frameworks (✓ mapped)

Uses the Model Context Protocol (MCP) to orchestrate tool calling. Insecure tool integration is a major threat, as the agent can be coerced into executing destructive API requests or modifying collection structures.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting environment of the MCP server is unspecified, but it requires access to the Postman API, making secure storage of the Postman API key/token a critical infrastructure concern.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, guardrails, or anomaly detection to monitor whether the agent is accessing unauthorized workspaces or exporting secrets.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The listing explicitly highlights token scope and environment exposure as main confidentiality risks. Strict identity and access management (IAM) policies must be enforced on the Postman API keys used by the server.

L7 · Agent Ecosystem (✓ mapped)

As an MCP server, this agent is designed to be called by other host agents. This introduces agent-to-agent trust abuse risks, where a compromised orchestrator agent can abuse this server to steal credentials.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).