Shipper.now — agentic threat model
Shipper.now presents a high-risk profile because it can generate, compile, and host full-stack applications directly from natural-language prompts. Without explicit sandboxing or code-analysis guardrails, it could be abused to generate and host malicious software or phishing pages, or to facilitate supply-chain attacks.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0–1) |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on advanced commercial LLMs (such as GPT-4 or Claude) to generate code. Threats include prompt injection that could steer the model into generating backdoored code, bypassing safety filters, or leaking system prompts.
Layer 2 (Data Operations): Not certain from the listing — no details are provided regarding data storage, vector databases, or training data. If user prompts and generated codebases are stored, threats include exfiltration of proprietary application designs or other intellectual property.
Layer 3 (Agent Frameworks): Not certain from the listing — uses an orchestration layer to translate natural language into structured frontend and backend code. Threats include insecure tool integration, where the agent framework executes arbitrary shell commands or compiler tools during the build process.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — the agent provides “live hosting included” for generated apps. This introduces severe infrastructure risks, including container escape, lateral movement between hosted tenant applications, and resource exhaustion on the hosting platform.
Layer 5 (Evaluation and Observability): Not certain from the listing — there is no mention of automated code scanning, AST (Abstract Syntax Tree) analysis, or runtime guardrails. The lack of observability could allow users to deploy malicious applications (e.g., phishing sites, crypto miners) undetected.
Layer 6 (Security and Compliance): Not certain from the listing — closed-source product with no mentioned security certifications (such as SOC 2) or identity governance. Risks include a lack of audit trails for generated code and potential liability if hosted apps violate regional regulations (e.g., GDPR).
Layer 7 (Agent Ecosystem): The listing indicates this is a standalone horizontal coding agent with no multi-agent orchestration, external integrations, or marketplace ecosystem, which minimizes agent-to-agent trust-abuse risks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).