
StackHawk MCP Server — agentic threat model

AIVSS 7.7 · High

The StackHawk MCP Server exposes highly sensitive DAST scan analytics, YAML configurations, and threat-surface data to LLMs, presenting a high-value target for attackers seeking to map application vulnerabilities or manipulate security configurations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.61
Factor sum: 3.9 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.85

Agentic risk factors:
Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.40
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
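To make the score rationale above checkable, the following is an added example (not part of the AgentReady listing or of StackHawk's code) that recomputes the AIVSS score from the values shown on this page using the stated formula. The agentic factor values, CVSS base, threat multiplier and mitigation factor are taken from the listing; the qualitative severity bands are an assumption (CVSS v3-style bands), chosen because they agree with the page's "High" label for 7.7.

```python
"""Recompute the OWASP AIVSS score for the StackHawk MCP Server listing.

Formula as stated on the page:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""
import math

# Agentic risk factors exactly as listed on the page (each scored 0.0..1.0).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}

CVSS_BASE = 8.5           # CVSS base score from the listing
THREAT_MULTIPLIER = 1.05  # ThM from the listing
MITIGATION_FACTOR = 0.85  # Mitigation_Factor from the listing


def factor_sum(factors):
    """Sum the ten agentic factors after range-checking each one.

    The formula divides this sum by 10, so with ten factors of at most 1.0
    the quotient is the fraction of the maximum agentic uplift.
    """
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} is outside 0..1")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier):
    """Agentic AI Risk Score uplift.

    The (10 - CVSS_Base) term caps the uplift at the headroom left below 10,
    so a near-maximal CVSS base cannot be pushed past the scale.
    """
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Final AIVSS score, clamped to the 0..10 scale."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(max(raw, 0.0), 10.0)


def severity(score):
    """Qualitative band. Assumption: CVSS v3-style bands (not taken from the page)."""
    if math.isclose(score, 0.0):
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def listing_score():
    """Return (factor_sum, AARS, AIVSS, band) rounded as the listing shows them."""
    fs = factor_sum(AGENTIC_FACTORS)
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    score = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    return round(fs, 2), round(uplift, 2), round(score, 1), severity(score)


def score_without_mitigation():
    """Same inputs with Mitigation_Factor = 1.0, i.e. no credit for controls.

    Useful for seeing how much of the listed score depends on the mitigations
    (token-based auth, anti-hallucination tools) actually being in place.
    """
    score = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, 1.0)
    return round(score, 1), severity(score)


if __name__ == "__main__":
    fs, uplift, score, band = listing_score()
    print(f"Factor sum {fs}/10, AARS uplift {uplift}, AIVSS {score} ({band})")
    print("Without mitigation credit: AIVSS %s (%s)" % score_without_mitigation())
```

Running it reproduces the page's figures (factor sum 3.9, AARS 0.61, AIVSS 7.7, High). The second function shows the point a reviewer cares about: with the mitigation factor removed the same inputs score 9.1, so the "High" rather than "Critical" rating rests on the listed controls being deployed correctly.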

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying foundation model is not specified, but the agent includes anti-hallucination tools to mitigate misaligned outputs and adversarial prompt injections targeting security analytics.

L2 · Data Operations (✓ mapped)

Exposes sensitive DAST scan results, threat-surface data, and YAML configurations. Gaps in data operations could lead to exfiltration of application vulnerability data or poisoning of security configurations.

L3 · Agent Frameworks (✓ mapped)

Orchestrates security tools via the Model Context Protocol (MCP). Vulnerabilities in tool integration could allow malicious actors to manipulate YAML configuration management or trigger unauthorized scan actions.

L4 · Deployment & Infrastructure (✓ mapped)

Requires a StackHawk API token for authentication. Compromise of this token or insecure local hosting of the MCP server could lead to unauthorized access to the StackHawk platform and lateral movement into CI/CD pipelines.

L5 · Evaluation & Observability (✓ mapped)

Features built-in anti-hallucination tools for LLMs to ensure accurate reporting of security analytics, though comprehensive logging and drift detection of LLM-generated security recommendations are not fully detailed.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Relies on API token-based authentication to enforce access control. Strict authorization policies are critical to prevent unauthorized users from querying sensitive vulnerability data through the LLM interface.

L7 · Agent Ecosystem (✓ mapped)

As an MCP server, it is designed to interact with broader LLM ecosystems and client applications. Compromise of a connected agent could lead to cascading trust abuse, exposing the underlying security tooling surface.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).