AgentReadyHomeAgent Listing

← WMaster ZipKing

WMaster ZipKing — agentic threat model

7.8AIVSS 7.8 · High

WMaster ZipKing is a traditional file compression utility with no apparent AI or agentic capabilities, meaning its risk profile is dominated by classic software vulnerabilities (such as path traversal or buffer overflows during decompression) rather than agentic risks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.8AARS uplift 0.02Factor sum 0.1/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.00
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.00
Contextual Awareness
0.00
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.00
Opacity & Reflexivity
0.00

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The description does not mention any underlying LLM or foundation model; it appears to be a traditional file compression utility rather than an AI agent.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — There is no indication of RAG, vector databases, or training data operations; it processes local files for compression and decompression.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — No agent orchestration framework, planning, or tool-calling capabilities are described; it operates as a standard deterministic utility.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting and deployment model (local desktop app vs. cloud service) is not specified, though file processing poses risks of path traversal or zip slip if poorly sandboxed.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There are no mentioned AI evaluation, guardrail, or observability mechanisms for monitoring model drift or outputs.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Aside from supporting password-protected compression, no enterprise security, compliance certifications, or access control policies are detailed.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — The tool does not interact with other AI agents or marketplaces; it is a standalone utility.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).