AgentReadyHomeAgent ListingRuntimePricing

← Remote OpenClaw

Remote OpenClaw — agentic threat model

6.3AIVSS 6.3 · Medium

Remote OpenClaw is a static directory and resource hub for AI agent components rather than an active runtime agent, resulting in minimal direct agentic risk but serving as a potential vector for supply-chain attacks if hosted components or MCP servers are compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3AARS uplift 0.0Factor sum 0.0/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.00
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.00
Persistent Memory
0.00
Contextual Awareness
0.00
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.00
Opacity & Reflexivity
0.00

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — Remote OpenClaw is a directory of resources and does not run or host foundation models directly. Foundation model risks depend entirely on the downstream agent platforms (Hermes, Claude Code, etc.) that developers configure using these resources.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The platform acts as a metadata catalog for skills and MCP servers. It does not appear to manage active vector databases or RAG pipelines, though the curated workflows themselves could contain insecure data-handling patterns.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — While the directory indexes skills, plugins, and MCP servers for frameworks like OpenClaw and Claude Code, the directory itself does not execute agentic orchestration or tool-calling code.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The infrastructure risks are limited to standard web hosting, catalog search APIs, and repository security. There is no active execution environment or sandboxing of the listed agent components on the directory itself.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — The directory does not run live agents and therefore lacks runtime evaluation, logging, or guardrails. Any monitoring of component quality or security is likely manual or community-driven.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — There are no details regarding access controls, submission verification, or code-signing policies for the community-contributed MCP servers and workflows listed in the directory.

L7 · Agent Ecosystem✓ mapped

As a centralized marketplace/directory of MCP servers and agent skills, this platform represents a significant supply-chain risk. Compromised, malicious, or poorly vetted community-contributed components could lead to cascading failures or remote code execution when integrated into downstream agent ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology — every score is re-derived by the same automated method as an agent's public evidence changes.