
Storacha MCP Storage Server — agentic threat model

AIVSS 8.1 · High

The Storacha MCP Storage Server introduces significant data exfiltration and compliance risks because it lets an agent write data to a public, content-addressed decentralized network (IPFS/Filecoin). Any upload of sensitive information, accidental or malicious, is in practice permanent: the CID pins the exact bytes, copies that other nodes have already fetched or pinned cannot be recalled, and a Filecoin storage deal runs for its agreed term.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
Factor sum: 2.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0
AARS uplift: 0.6 = (10 − 7.5) × (2.4 / 10) × 1.0
AIVSS: 8.1 = (7.5 + 0.6) × 1.0

Agentic risk factors (each scored 0.00 to 1.00):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.20
Contextual Awareness: 0.10
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.30
Non-Determinism: 0.20
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
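The scoring above can be reproduced mechanically. The following is an added example written for this page, not code from AgentReady or from the Storacha project: a small AIVSS calculator that applies the quoted formula to the listing's factor weights (embedded here as constructed input), validates the inputs, and reports the qualitative band. The band thresholds are assumed to follow the CVSS v3 scale (None/Low/Medium/High/Critical), which is consistent with the page's "8.1 · High" but not stated by it; the 0.8 mitigation factor at the end is an illustrative value, not one from the page.

```javascript
// Added example, not code from the AgentReady page or the Storacha project.
// Recomputes the AIVSS score from the formula quoted above:
//   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
//   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

const FACTOR_NAMES = [
  "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
  "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
  "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
  "Opacity & Reflexivity",
];

// Factor weights as published in the listing (constructed input for this example).
const STORACHA_FACTORS = {
  "Autonomy of Action": 0.4,
  "Goal-Driven Planning": 0.1,
  "Self-Modification": 0.0,
  "Dynamic Tool Use": 0.5,
  "Persistent Memory": 0.2,
  "Contextual Awareness": 0.1,
  "Dynamic Identity": 0.4,
  "Multi-Agent Interactions": 0.3,
  "Non-Determinism": 0.2,
  "Opacity & Reflexivity": 0.2,
};

function round1(x) { return Math.round(x * 10) / 10; }

// Assumed CVSS v3 qualitative bands; the page only shows "8.1 · High".
function severityBand(score) {
  if (score === 0) return "None";
  if (score < 4) return "Low";
  if (score < 7) return "Medium";
  if (score < 9) return "High";
  return "Critical";
}

function aivss(cvssBase, factors, threatMultiplier = 1.0, mitigationFactor = 1.0) {
  // Comparisons are written so that NaN and undefined fail validation too.
  if (!(cvssBase >= 0 && cvssBase <= 10)) throw new RangeError("CVSS base must be in [0, 10]");
  if (!(threatMultiplier > 0)) throw new RangeError("threat multiplier must be positive");
  // Mitigation can only reduce the score (assumed range).
  if (!(mitigationFactor > 0 && mitigationFactor <= 1)) throw new RangeError("mitigation factor must be in (0, 1]");
  for (const name of Object.keys(factors)) {
    if (!FACTOR_NAMES.includes(name)) throw new RangeError(`unknown agentic factor: ${name}`);
    const v = factors[name];
    if (!(v >= 0 && v <= 1)) throw new RangeError(`${name} must be in [0, 1]`);
  }
  // Factors not supplied count as 0, so a partial assessment never inflates the score.
  const factorSum = FACTOR_NAMES.reduce((s, n) => s + (factors[n] ?? 0), 0);
  const aars = (10 - cvssBase) * (factorSum / 10) * threatMultiplier;
  const raw = (cvssBase + aars) * mitigationFactor;
  const score = round1(Math.min(10, Math.max(0, raw)));
  return {
    cvssBase,
    factorSum: Math.round(factorSum * 100) / 100,
    aars: round1(aars),
    score,
    severity: severityBand(score),
  };
}

// The listing's own inputs: CVSS base 7.5, the factors above, ThM 1.0, mitigation 1.0.
const STORACHA_AIVSS = aivss(7.5, STORACHA_FACTORS, 1.0, 1.0);

// The same finding with a pre-upload guardrail credited as a mitigation factor of
// 0.8 (illustrative value, not from the page) to show how a control moves the band.
const STORACHA_AIVSS_MITIGATED = aivss(7.5, STORACHA_FACTORS, 1.0, 0.8);

console.log(JSON.stringify(STORACHA_AIVSS));
console.log(JSON.stringify(STORACHA_AIVSS_MITIGATED));
```

Because AARS scales with (10 − CVSS_Base), the agentic uplift is bounded by the headroom the base score leaves; the factors only decide how much of that headroom is consumed, which is why a 2.4/10 factor sum on a 7.5 base adds exactly 0.6.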

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary, used where the public description did not pin that layer down.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the Storacha MCP server is a tool integration, not a foundation model, so model-level threats such as adversarial reprogramming or prompt injection are properties of the host LLM that calls this server. Content the agent retrieves through the server is one path by which adversarial input can reach that model.

L2 · Data Operations · ✓ mapped

Deals directly with content-addressed files (CIDs) on IPFS/Filecoin. Key threats are data exfiltration, where sensitive agent data is uploaded to the public network, and data poisoning, where the agent retrieves and acts on or executes malicious content fetched by an untrusted CID. A CID proves only that the bytes match the identifier; it says nothing about whether the content is trustworthy or who published it.

L3 · Agent Frameworks · ✓ mapped

Exposes file upload, retrieval, and listing tools to the calling agent. The main threat is tool misuse: a compromised or prompt-injected agent uploads internal configuration files, system prompts, or user secrets to the public decentralized web, and the write is irreversible by the time anyone notices.

L4 · Deployment & Infrastructure · ✓ mapped

The server holds the Storacha space and agent credentials locally or in its environment. Compromise of the host exposes them, and whoever holds them can write to or manage the associated decentralized storage space until they are revoked. Keep the credentials out of the agent's reachable filesystem and context window, and scope them to the minimum the tool needs.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of built-in logging, auditing, or guardrails that inspect what the agent is about to send to the decentralized network before it is permanently published. Because an upload cannot be undone, any such control has to run before the upload call, not on the CID afterwards.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Presents severe compliance challenges (e.g. GDPR/CCPA). Personal data the agent uploads cannot be reliably deleted: removing it from the Storacha space does not recall copies already fetched or pinned by other IPFS nodes, and a Filecoin deal stores the data for its agreed term, so an erasure request (the "right to be forgotten") cannot be honoured. Prevention before upload is the only effective control.
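The L3, L5 and L6 points above all come back to one control: nothing should reach the upload call without being screened first, and every attempt should leave an audit record. The following is an added example, not code from the AgentReady page or from the Storacha MCP storage server, of such a pre-publication gate. It screens a file by path, size, secret-like patterns and personal data, blocks secrets unconditionally, blocks personal data unless the caller has explicitly asserted a basis for publishing it, and produces the audit record that the listing does not describe. `screenUpload`, `screenAll`, the policy fields and the sample files are all invented for this example; the regexes are a starting point rather than a complete secret or PII detector, and the AWS key in the sample is the documented `AKIAIOSFODNN7EXAMPLE` placeholder.

```javascript
// Added example, not code from the AgentReady page or the Storacha MCP server.
// A pre-publication gate a host, or a wrapper around the upload tool, can run on
// every file before it is handed to the upload call. Names and samples are
// constructed for this example; the patterns are illustrative, not exhaustive.

const DENIED_PATHS = [
  { id: "dotenv", re: /(^|\/)\.env(\.|$)/ },
  { id: "ssh-private-key", re: /(^|\/)id_(rsa|ecdsa|ed25519)$/ },
  { id: "key-material", re: /\.(pem|key|p12|pfx)$/i },
  { id: "aws-credentials", re: /(^|\/)\.aws\/credentials$/ },
  { id: "git-internals", re: /(^|\/)\.git\// },
];

const SECRET_PATTERNS = [
  { id: "aws-access-key", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: "private-key-block", re: /-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----/ },
  { id: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { id: "jwt", re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/ },
  // Loose catch-all for KEY=value style assignments with a long opaque value.
  { id: "credential-assignment", re: /(?:api[_-]?key|secret|password|token)\s*[:=]\s*["']?[A-Za-z0-9_\-\/+=]{16,}/i },
  // Weak heuristic for a leaked system prompt; replace with your own prompt markers.
  { id: "system-prompt-marker", re: /\bsystem prompt\b|\byou are an? (?:helpful )?assistant\b/i },
];

const PII_PATTERNS = [
  { id: "email", re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}\b/ },
  { id: "us-ssn", re: /\b\d{3}-\d{2}-\d{4}\b/ },
];

const DEFAULT_MAX_BYTES = 10 * 1024 * 1024;

function decodeForScan(bytes) {
  // Binary files decode to mostly replacement characters, which match nothing;
  // a real deployment adds type-specific scanners (PDF, office documents, archives).
  return new TextDecoder("utf-8", { fatal: false }).decode(bytes);
}

function screenUpload({ path, bytes, agentId }, policy = {}) {
  const maxBytes = policy.maxBytes ?? DEFAULT_MAX_BYTES;
  const findings = [];

  if (bytes.length > maxBytes) {
    findings.push({ kind: "size", id: "too-large", detail: `${bytes.length} > ${maxBytes}` });
  }
  for (const { id, re } of DENIED_PATHS) {
    if (re.test(path)) findings.push({ kind: "path", id });
  }
  const text = decodeForScan(bytes);
  for (const { id, re } of SECRET_PATTERNS) {
    if (re.test(text)) findings.push({ kind: "secret", id });
  }
  for (const { id, re } of PII_PATTERNS) {
    if (re.test(text)) findings.push({ kind: "pii", id });
  }

  // Secrets, denied paths and oversized files always block. Personal data blocks
  // unless the caller has explicitly asserted a basis for publishing it, because
  // nothing published to IPFS/Filecoin can be reliably recalled afterwards.
  const hardBlock = findings.some((f) => f.kind !== "pii");
  const piiBlock = findings.some((f) => f.kind === "pii") && policy.allowPersonalData !== true;
  const allowed = !(hardBlock || piiBlock);

  // Audit record to emit before the upload call, so a blocked attempt stays
  // visible even when the agent retries under a different file name.
  const audit = {
    ts: new Date().toISOString(),
    agentId,
    path,
    bytes: bytes.length,
    allowed,
    findings: findings.map((f) => `${f.kind}:${f.id}`),
  };
  return { allowed, findings, audit };
}

function screenAll(uploads, policy) {
  return uploads.map((u) => screenUpload(u, policy));
}

// Constructed sample uploads (not real files).
const enc = new TextEncoder();
const SAMPLE_UPLOADS = [
  { agentId: "agent-42", path: "reports/q3-summary.md",
    bytes: enc.encode("# Q3 summary\nStorage usage grew 12% quarter on quarter.\n") },
  { agentId: "agent-42", path: "config/.env",
    bytes: enc.encode("OPENAI_API_KEY=sk-test-notarealkey-0123456789abcdef\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n") },
  { agentId: "agent-42", path: "exports/customers.csv",
    bytes: enc.encode("name,email\nAda,ada@example.org\n") },
];

for (const result of screenAll(SAMPLE_UPLOADS)) {
  console.log(JSON.stringify(result.audit));
}
```

Wire the gate in front of the upload tool handler so that the tool returns the findings to the agent as an error rather than a CID; the audit record should go to a log the agent cannot write to. The asymmetry in the policy is deliberate: a false positive costs a retry, a false negative is permanent.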

L7 · Agent Ecosystem · ✓ mapped

As an MCP tool it can be chained into multi-agent workflows. A compromised agent anywhere in the chain can use this tool to exfiltrate proprietary data that other agents handed to it and publish it publicly, so the upload capability should be granted to as few agents as possible and treated as a trust boundary rather than a convenience.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).