session-report — agentic threat model

AIVSS 6.0 · Medium

This agent is a local, open-source diagnostic utility with low autonomy, primarily posing a risk of local sensitive data exposure (reading ~/.claude/projects transcripts) rather than active agentic execution.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.5 · AARS uplift 0.47 · Factor sum 1.1/10 · Threat ×0.95 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.20
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The plugin parses transcripts generated by Anthropic models, but does not directly host or configure the foundation models themselves. It is subject to downstream risks if the parsed transcripts contain adversarial or poisoned model outputs.

L2 · Data Operations · ✓ mapped

The agent reads local ~/.claude/projects transcripts. The primary threat is unauthorized local data access or exfiltration if the transcripts contain highly sensitive proprietary code, API keys, or personal data.

L3 · Agent Frameworks · ✓ mapped

The agent acts as a parser and reporter of agent frameworks (subagents, skills, and token usage). If the parser is vulnerable to path traversal or injection via malformed transcript files, it could lead to local code execution.

L4 · Deployment & Infrastructure · ✓ mapped

The agent runs locally as a command-line tool and writes an HTML artifact. The primary infrastructure risk is the lack of sandboxing when executing the parser on a local developer machine.

L5 · Evaluation & Observability · ✓ mapped

This tool itself is an observability and evaluation utility designed to expose token usage, cache efficiency, and expensive prompts, helping mitigate observability blind spots in other agents.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in access controls, encryption for the generated HTML reports, or compliance auditing for how transcript data is handled.

L7 · Agent Ecosystem · ✓ mapped

The agent analyzes multi-agent interactions (subagents and skills) from historical logs, but does not actively orchestrate or participate in live multi-agent ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).