unity-editor-toolkit — agentic threat model
The unity-editor-toolkit presents a high-risk local attack surface by exposing 86 powerful WebSocket commands to control a live Unity Editor. Without explicit sandboxing or authentication, a compromise of the driving LLM (Claude Code) or the local WebSocket port could lead to arbitrary code execution and asset destruction.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — Claude Code is the underlying driver, but the plugin itself does not specify the exact model version. Threats include prompt injection that bypasses Claude's safety guardrails to execute malicious Unity commands.
Layer 2 (Data Operations): Uses SQLite-backed GUID persistence and reads Unity project metadata. Threats include SQLite injection, local database tampering, or poisoning of GUID mappings leading to unauthorized asset modifications.
Layer 3 (Agent Frameworks): Integrates as a Claude Code plugin exposing 86 WebSocket commands. Threats include insecure tool integration, where Claude is tricked into executing destructive editor commands (e.g., deleting assets, modifying build settings) without explicit user confirmation.
Layer 4 (Deployment & Infrastructure): Runs locally, connecting to a live Unity Editor over WebSockets. Threats include unauthorized local or network access to the unauthenticated WebSocket port, allowing external actors to control the Unity Editor.
Layer 5 (Evaluation & Observability): Not certain from the listing — no built-in logging, guardrails, or evaluation frameworks are mentioned. Lack of observability could allow malicious or erroneous commands to execute silently in the background.
Layer 6 (Security & Compliance): Not certain from the listing — the plugin lacks explicit authentication, authorization, or audit logging mechanisms for the WebSocket connection, posing significant compliance and security risks for enterprise environments.
Layer 7 (Agent Ecosystem): Acts as a bridge between Claude Code and the Unity Editor. Threats include cascading failures where a compromised Claude session or a malicious third-party plugin leverages this tool to gain full control over the local development environment.
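The Layer 3 and Layer 4 findings above (destructive commands run without confirmation; an unauthenticated WebSocket port) both point at the same control: a deny-by-default gate in front of the command dispatcher. The following is an added example of such a gate, not code from unity-editor-toolkit; the command names, the session fields and the confirmation mechanism are assumptions for illustration.

```python
"""Added example (not unity-editor-toolkit code): a deny-by-default gate for an
editor-control WebSocket bridge. Command names, session fields and the
confirmation flag are assumed for illustration."""
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Hypothetical subset of editor commands; the toolkit's real names are not on the page.
DESTRUCTIVE = {"delete_asset", "set_build_settings", "run_script"}


@dataclass
class Session:
    token: str                       # shared secret handed to the driving agent at startup
    peer_ip: str                     # remote address of the WebSocket client
    origin: Optional[str] = None     # Origin header: browsers send it, local CLI clients do not
    confirmed: set = field(default_factory=set)  # commands the user approved this session


def mint_token() -> str:
    """Per-launch secret the editor prints for the agent; never a fixed string."""
    return secrets.token_urlsafe(32)


def authorize(session: Session, expected_token: str, request: dict) -> Tuple[bool, str]:
    """Return (allowed, reason). Every rule must pass; anything else is denied."""
    # 1. Loopback only: a local editor bridge must never accept LAN peers.
    if not ipaddress.ip_address(session.peer_ip).is_loopback:
        return False, "non-loopback peer"
    # 2. Any Origin means a web page opened the socket (cross-site WebSocket hijacking).
    if session.origin is not None:
        return False, "browser origin rejected"
    # 3. Shared token, compared in constant time.
    if not hmac.compare_digest(session.token, expected_token):
        return False, "bad token"
    cmd = request.get("command", "")
    # 4. Destructive commands need the user's explicit per-command confirmation.
    if cmd in DESTRUCTIVE and cmd not in session.confirmed:
        return False, f"{cmd} requires user confirmation"
    return True, "ok"


if __name__ == "__main__":
    tok = mint_token()
    local = Session(token=tok, peer_ip="127.0.0.1")
    print(authorize(local, tok, {"command": "list_assets"}))    # constructed request
    print(authorize(local, tok, {"command": "delete_asset"}))   # denied until confirmed
```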
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).