Thermos
Official Cursor plugin doing deep security/correctness branch audits with parallel subagents and merge-ready PR flows.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Thermos, derived from its capabilities.
AIVSS 9.2 · Critical
View MAESTRO 7-layer threat model →Overview
A 'thermo-nuclear branch review' plugin: it runs deep security and correctness audits against a branch using harsh code-quality rubrics, fans work out to parallel subagents, and can open merge-ready PRs. Ships as a Cursor plugin (subagents + commands + orchestration). Security surface: it clones/reads code, spawns subagents, and can create PRs.
Key features
- Deep security + correctness audits
- Parallel subagent orchestration
- Optional merge-ready PR creation
Use cases
- Harsh pre-merge review of a branch
- Automated security audit inside Cursor