
sslmon MCP — agentic threat model

AIVSS 5.2 · Medium

The sslmon MCP is a low-risk, read-only utility for querying public SSL certificate and WHOIS data. Its main security risks are misuse for automated reconnaissance of third-party domains, and SSRF against internal hosts if the server is deployed without egress restrictions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 4.8
AARS uplift: 0.42
Factor sum: 0.8 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (sum 0.8):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.10
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula above (AIVSS calculator reference); the agentic risk factors are estimates from the agent's described capabilities, not measured values.
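The arithmetic behind the 5.2, as an added example (not code from the listing or from the OWASP AIVSS project): it re-derives AARS and AIVSS from the factor table above and then shows how far each single factor could move the score if it were raised to 1.0. Function names are mine, and the qualitative bands are assumed to follow the CVSS v3.x ones (Low below 4.0, Medium below 7.0, High below 9.0).

```python
"""Added example: the listing's AIVSS arithmetic, reproduced so the 5.2 can be re-derived.
Not from the listing or the AIVSS project; severity bands are an assumption (CVSS v3.x)."""
from typing import Dict

# Agentic risk factors exactly as given on the page.
FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.10,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.10,
    "Opacity & Reflexivity": 0.10,
}


def aars(cvss_base: float, factors: Dict[str, float], thm: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM. The uplift scales with the headroom
    left below 10, so the same factors add more to a low base than to an already high one."""
    return (10.0 - cvss_base) * (sum(factors.values()) / 10.0) * thm


def aivss(cvss_base: float, factors: Dict[str, float], thm: float = 1.0,
          mitigation: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, rounded to one decimal as on the page."""
    return round((cvss_base + aars(cvss_base, factors, thm)) * mitigation, 1)


def severity(score: float) -> str:
    """Assumed CVSS-style qualitative bands."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def sensitivity(cvss_base: float, factors: Dict[str, float]) -> Dict[str, float]:
    """Score if one factor were raised to 1.0 with the others unchanged: shows which capability
    change (e.g. giving the agent persistent memory) would move the rating the most."""
    return {name: aivss(cvss_base, {**factors, name: 1.0}) for name in factors}


if __name__ == "__main__":
    base = 4.8
    score = aivss(base, FACTORS)
    print(f"factor sum {sum(FACTORS.values()):.1f}, AARS {aars(base, FACTORS):.2f}, "
          f"AIVSS {score} ({severity(score)})")
    for name, moved in sensitivity(base, FACTORS).items():
        print(f"  {name:<26} -> 1.0 gives {moved}")
```

With the page's base of 4.8 no single factor can lift the score out of Medium; only the mitigation factor (a deployment property, not an agent property) pulls it down, which is why the deployment-layer controls below matter more to the rating than the tool itself.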

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" are general, caveated commentary where the public description did not give enough detail to map that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing: the tool is an MCP server and bundles no foundation model of its own; it relies on the host LLM. Threats are prompt injection that steers the domain argument passed to the tool, and injection carried in the lookup results themselves, since certificate fields and WHOIS records are text the host model will read and whose content a third party controls.

L2 · Data Operations (✓ mapped)

The tool performs read-only external lookups of public WHOIS and SSL data. No vector stores or training data are used. The main threat is spoofed or poisoned results: DNS answers, WHOIS responses (plaintext TCP 43, unauthenticated) and presented certificates all come from external servers, so an attacker on path or in control of the authoritative server can feed the agent misleading data.

L3 · Agent Frameworks (✓ mapped)

Integrates via the Model Context Protocol (MCP). The main threat is tool misuse: an attacker who can steer the host LLM, directly or through injected content, can drive bulk reconnaissance or scanning of many domains through this tool, with the host's network identity as the source.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing: deployment is host-dependent. If the server runs on a workstation or in an unsandboxed container with unrestricted egress, it becomes an SSRF primitive: a hostname that resolves to an internal address or a cloud metadata endpoint turns a "public SSL check" into a probe of the internal network.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing: no built-in logging, guardrails, or evaluation mechanisms are described. Host applications must log each invocation (session, requested target, resolved addresses, outcome) and alert on call volume or on targets outside the expected scope to detect abuse.
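A guard that covers the three host-side gaps named in the L3, L4 and L5 entries above, as an added example and not sslmon's own code: it canonicalises the model-supplied target (bare hostname only, no URLs or IP literals), resolves it and refuses anything that is not globally routable (SSRF, including cloud metadata and IPv4-mapped IPv6 tricks), caps calls per session (bulk reconnaissance), and emits one audit record per call whether allowed or denied (observability). LookupGuard, canonical_hostname, assert_public and the resolver table are all hypothetical; the table is constructed so the block runs offline.

```python
"""Added example (not sslmon's own code): a guard around a hostname-taking MCP lookup tool.
LookupGuard, canonical_hostname and assert_public are hypothetical names; the resolver table
at the bottom is constructed (not real DNS data) so the example runs offline."""
import ipaddress
import json
import re
import socket
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List

# Bare DNS name only: 1-63 char labels, no leading/trailing hyphen, at least two labels.
# Schemes, paths, ports, whitespace and IPv6 literals fail here; IPv4 literals are caught below.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)

def canonical_hostname(raw: str) -> str:
    """Reduce model-supplied input to a bare lowercase hostname, or raise ValueError."""
    host = raw.strip().lower().rstrip(".")
    if not _HOSTNAME_RE.match(host):
        raise ValueError(f"rejected target (not a bare hostname): {raw!r}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host  # not an IP literal, which is what we want
    raise ValueError(f"rejected target (IP literal): {raw!r}")

def assert_public(host: str, resolver: Callable[[str], List[str]]) -> List[str]:
    """Resolve host; reject unless every answer is globally routable (a zone the attacker
    controls can mix public and private records and rely on the client picking the latter)."""
    answers = resolver(host)
    if not answers:
        raise ValueError(f"rejected target (no DNS answer): {host}")
    for text in answers:
        ip = ipaddress.ip_address(text)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
        if not ip.is_global:  # private, loopback, link-local (169.254.169.254), reserved
            raise ValueError(f"rejected target ({host} -> {ip} is not public)")
    return answers

def system_resolver(host: str) -> List[str]:
    """Resolver for a real deployment (needs network); the demo below uses a table instead."""
    return sorted({i[4][0] for i in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)})

class LookupGuard:
    """Vets each tool call: syntax, per-session budget, public-address check, audit record."""

    def __init__(self, resolver, max_calls=20, window_s=60.0, clock=time.monotonic):
        self.resolver, self.max_calls, self.window_s, self.clock = resolver, max_calls, window_s, clock
        self._calls: Dict[str, Deque[float]] = defaultdict(deque)
        self.audit: List[dict] = []  # one JSON-serialisable record per call, allow or deny

    def _within_budget(self, session: str) -> bool:
        now, q = self.clock(), self._calls[session]
        while q and now - q[0] > self.window_s:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.max_calls:
            return False
        q.append(now)
        return True

    def check(self, session: str, raw_target: str) -> dict:
        """Return the audit record; the caller runs the lookup only on verdict == 'allow'."""
        rec = {"session": session, "input": raw_target, "host": None, "addrs": [],
               "verdict": "deny", "reason": None}
        try:
            rec["host"] = canonical_hostname(raw_target)
            if not self._within_budget(session):  # per-session cap blunts bulk reconnaissance
                raise ValueError(f"per-session budget of {self.max_calls}/{self.window_s:g}s exceeded")
            rec["addrs"] = assert_public(rec["host"], self.resolver)
            rec["verdict"] = "allow"
        except ValueError as exc:
            rec["reason"] = str(exc)
        self.audit.append(rec)
        return rec

FAKE_DNS = {  # constructed, offline stand-in for DNS
    "example.com": ["93.184.216.34"],
    "intranet.corp.example": ["10.0.0.5"],
    "meta.attacker.example": ["169.254.169.254"],
    "mixed.attacker.example": ["93.184.216.34", "127.0.0.1"],
    "mapped.attacker.example": ["::ffff:10.0.0.1"],
}

def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])

if __name__ == "__main__":
    guard = LookupGuard(fake_resolver, max_calls=5, window_s=60)
    for t in ["Example.COM.", "http://example.com/", "127.0.0.1", "intranet.corp.example",
              "meta.attacker.example", "mixed.attacker.example", "mapped.attacker.example",
              "example.com"]:
        print(json.dumps(guard.check("session-1", t)))
```

Two caveats for anyone wiring this in: the lookup that follows an "allow" must connect to the addresses in the record rather than resolving the name a second time, otherwise a short-TTL zone can answer public to the guard and private to the fetch (DNS rebinding); and the check is no substitute for an egress policy that limits the container to TCP 43 and 443 towards public ranges, since the guard only sees what the host application routes through it.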

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing: no authentication or access control is described; the tool relies entirely on the host platform's security posture and egress policy.

L7 · Agent Ecosystem (✓ mapped)

As an MCP tool, it can be exposed to other agents. Risks include cascading failures: if a downstream agent automates certificate renewal or security decisions on this tool's output, a spoofed or stale result propagates into those actions without a human check.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).