AgentReadyHomeAgent Listing

← Snyk Agent Scan

Snyk Agent Scan — agentic threat model

5.7AIVSS 5.7 · Medium

Snyk Agent Scan is a security-focused utility designed to audit the agent supply chain and MCP servers, presenting low inherent agentic risk but possessing high read-access sensitivity to local agent configurations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 0.59Factor sum 1.7/10Threat ×1.0Mitigation ×0.8
Autonomy of Action
0.20
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.10
Contextual Awareness
0.40
Dynamic Identity
0.00
Multi-Agent Interactions
0.20
Non-Determinism
0.20
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The listing does not specify if Snyk Agent Scan uses an LLM itself to detect prompt injection or if it relies on static signatures and heuristics. If it uses an LLM, it could be vulnerable to evasion or adversarial bypasses.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The tool scans local files and MCP server configurations, but there is no mention of it maintaining its own vector database, training pipeline, or RAG architecture.

L3 · Agent Frameworks✓ mapped

The tool directly targets the orchestration layer of other agents, scanning MCP servers and skills for vulnerabilities like tool poisoning and insecure tool integration. If compromised, the scanner itself could be manipulated via poisoned tools it analyzes.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — As a local discovery and scanning tool, it requires read access to the host machine to discover installed agents and MCP servers, raising potential local privilege escalation or host compromise risks if the scanner itself is vulnerable.

L5 · Evaluation & Observability✓ mapped

This tool acts as an observability and evaluation guardrail for other agents by detecting prompt injection and vulnerabilities. However, its own logging and evaluation mechanisms are not detailed.

L6 · Security & Compliance (cross-cutting)✓ mapped

The tool is designed for security auditing and compliance of third-party MCP servers. It helps establish policy and audit controls, but its own authorization model (e.g., how it secures its access to the host) is not specified.

L7 · Agent Ecosystem✓ mapped

Directly addresses the agent ecosystem by scanning the agent supply chain, mitigating risks of rogue/compromised MCP servers and A2A trust abuse before they are integrated into a runtime.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).