AgentReady · Agent Listing

Shipper.now — agentic threat model

AIVSS 9.5 · Critical

Shipper.now presents a high-risk profile due to its ability to generate, compile, and host full-stack applications directly from natural language prompts. Without explicit sandboxing or code-analysis guardrails, it could be exploited to generate and host malicious software, phishing pages, or facilitate supply-chain attacks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.8 · AARS uplift 0.73 · Factor sum 5.5/10 · Threat ×1.1 · Mitigation ×1.0

Agentic risk factors (sum 5.5):
Autonomy of Action          0.80
Goal-Driven Planning        0.80
Self-Modification           0.10
Dynamic Tool Use            0.90
Persistent Memory           0.50
Contextual Awareness        0.60
Dynamic Identity            0.20
Multi-Agent Interactions    0.10
Non-Determinism             0.80
Opacity & Reflexivity       0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
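To make the score rationale reproducible, the following is an added worked example (not AgentReady's or OWASP's own code) that carries the quoted formula through with the ten factor values listed above for Shipper.now. The function and class names are assumptions chosen for this illustration; the clamp at 10.0 and the CVSS-style severity bands (9.0 and above is Critical) are also assumptions, and the range checks on inputs are an added safeguard against a mis-entered factor silently distorting the uplift.

```python
"""Worked AIVSS computation using the formula quoted on the page.

Added example, not AgentReady's or OWASP's own code. The factor names and
values are the ones listed for Shipper.now; helper names are assumptions.
"""
from dataclasses import dataclass

# Agentic risk factors for Shipper.now as listed on the page (each in [0, 1]).
SHIPPER_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.70,
}


@dataclass(frozen=True)
class AivssResult:
    factor_sum: float
    aars: float        # agentic-risk uplift added on top of the CVSS base
    score: float       # final AIVSS score (clamped to 10.0 here, an assumption)
    severity: str


def severity_label(score: float) -> str:
    """CVSS-style qualitative bands (assumed to apply to AIVSS as well)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def aivss_score(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
                mitigation_factor: float = 1.0) -> AivssResult:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor,
    AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM.

    Range checks are an added safeguard: a factor outside [0, 1] or a CVSS
    base outside [0, 10] would silently distort the uplift.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1], got {value}")
    factor_sum = sum(factors.values())
    # The (10 - CVSS_Base) term bounds the uplift by the headroom left under 10,
    # so a high CVSS base leaves the agentic factors little room to add.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    rounded = round(score, 1)
    return AivssResult(round(factor_sum, 2), round(aars, 2), rounded,
                       severity_label(rounded))


if __name__ == "__main__":
    r = aivss_score(8.8, SHIPPER_FACTORS, threat_multiplier=1.1, mitigation_factor=1.0)
    print(f"factor sum {r.factor_sum}/10, AARS {r.aars}, AIVSS {r.score} ({r.severity})")
```

With the page's inputs (CVSS base 8.8, factor sum 5.5, threat ×1.1, mitigation ×1.0) this reproduces AARS 0.73 and AIVSS 9.5 (Critical). Lowering the mitigation factor is the only lever in the formula that reduces the combined score, which is why the rationale above attributes the high rating to the absence of sandboxing and code-analysis guardrails.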

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on advanced commercial LLMs (such as GPT-4 or Claude) to generate code. Threats include prompt injection that could force the model to generate backdoored code, bypass safety filters, or leak system prompts.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — no details are provided regarding data storage, vector databases, or training data. If user prompts and generated codebases are stored, threats include data exfiltration of proprietary application designs or intellectual property.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — uses an orchestration layer to translate natural language into structured frontend and backend code. Threats include insecure tool integration where the agent framework executes arbitrary shell commands or compiler tools during the build process.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — the agent provides 'live hosting included' for generated apps. This introduces severe infrastructure risks, including container escape, lateral movement between hosted tenant applications, and resource exhaustion on the hosting platform.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of automated code scanning, AST (Abstract Syntax Tree) analysis, or runtime guardrails. The lack of observability could allow users to deploy malicious applications (e.g., phishing sites, crypto miners) undetected.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — closed-source product with no mentioned security certifications (such as SOC 2) or identity governance. Risks include a lack of audit trails for generated code and potential liability if hosted apps violate regional regulations (e.g., GDPR).

L7 · Agent Ecosystem (✓ mapped)

The listing indicates this is a standalone horizontal coding agent with no multi-agent orchestration, external integrations, or marketplace ecosystem, minimizing agent-to-agent trust abuse risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).