
Postman — agentic threat model

AIVSS 8.8 · High

The Postman MCP server agent introduces significant risk by bridging Claude Code with powerful API lifecycle tools, enabling automated test execution, mock creation, and security auditing that could be abused to execute unauthorized API requests or exfiltrate sensitive endpoint schemas.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 0.79
Factor sum: 5.0/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.95

Agentic risk factors (each scored 0 to 1):

Autonomy of Action: 0.70
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.40
Contextual Awareness: 0.70
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — relies on the host model (Claude Code) for reasoning. Vulnerable to prompt injection attacks that could trick the underlying model into executing malicious Postman MCP tool calls or generating insecure client code.

L2 · Data Operations (✓ mapped)

Handles sensitive API collections, environment variables, schemas, and mock data. Risks include unauthorized exfiltration of API keys/secrets stored in collections and poisoning of API documentation or mock responses.

L3 · Agent Frameworks (✓ mapped)

Exposes a bundled Postman MCP server with tools for collection sync, test runs, and security audits. Insecure tool integration could allow an attacker to trigger arbitrary API requests or execute malicious test scripts via the MCP interface.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — operates as a local or remote MCP server integrated with Claude Code. If run locally without strict sandboxing, compromised tool execution could lead to local network scanning or unauthorized access to local development environments.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — lacks explicit mention of guardrails or execution logging for the MCP server tools, creating a blind spot regarding which API collections are accessed or modified by the agent.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Performs API security auditing, but the agent itself requires robust authentication and authorization controls to ensure only authorized users can trigger API tests, sync collections, or access sensitive environment variables.

L7 · Agent Ecosystem (✓ mapped)

Integrates directly with Claude Code as an MCP plugin. Vulnerable to cascading failures or trust abuse if Claude Code is compromised and used to orchestrate malicious actions through the Postman API tools.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).