Every attack vector we have considered, and how we mitigate it. Full transparency.
This threat model is a living document. We publish it so that security researchers, enterprise buyers, and the community can hold us accountable. If you identify a threat we have not considered, please report it.
| Threat | Vector | Mitigation | Status |
|---|---|---|---|
| Forged evaluation reports | Attacker creates fake "certified" claims | HMAC-SHA256 signed reports, hash chain audit log | ✅ Mitigated |
| Stolen API key (self-service) | Key leaked in code/logs | Per-key rate limits, permission scoping, revocation, activity logging | ✅ Mitigated |
| Stolen API key (admin) | Key leaked | Attestation spending caps, key rotation, activity logging | ✅ Mitigated |
| Wallet drain | Private key compromise | Spending caps (10 att/day), monitoring alerts | ⚠️ Partially (multisig planned) |
| Bot spam on forms | Automated form submissions | Cloudflare Turnstile + honeypot + timestamp + rate limiting | ✅ Mitigated |
| Evaluation gaming | Skill passes with good manifest but bad code | Live endpoint testing required for certification, manifest-only capped at 85 | ✅ Mitigated |
| Dependency supply chain attack | Certified skill uses vulnerable dependency | OSV.dev CVE checking during evaluation | ✅ Mitigated |
| Stale certification | Skill certified before new vulnerability discovered | Living evaluator, weekly pattern updates, automatic re-certification | ✅ Mitigated |
| Report tampering | Modify historical evaluation results | Hash chain audit log, HMAC signatures | ✅ Mitigated |
| DNS/domain spoofing | Fake SXM site issues fake certs | Blockchain attestations on Polygon (independently verifiable) | ✅ Mitigated |
| Prompt injection in eval | Malicious manifest tricks the evaluator | Evaluator uses structured analysis, not LLM chat | ✅ Mitigated |
| DDoS on evaluation | Flood evaluate endpoint | Rate limiting (3/hour), admin key required | ✅ Mitigated |
| Badge spoofing | Copy SVG badge without certification | Badge dynamically generated from DB, links to verification page | ✅ Mitigated |
| Insider threat | Compromised admin issues false certs | All certifications blockchain-attested (immutable), audit log, key rotation | ✅ Mitigated |
| Data exfiltration from SXM | Attack SXM platform itself | No PII stored beyond email, Helmet.js headers, CSP, sanitised logging | ✅ Mitigated |
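As an added illustration of the "Forged evaluation reports" and "Report tampering" rows above (example code written for this page, not SXM's own implementation), the following shows how an HMAC-SHA256 signature per report plus a hash chain over the audit log lets a verifier detect both a forged report and an edited historical result. The key, report fields and scores are constructed demo values.

```python
import hmac, hashlib, json, copy

# Constructed demo key; a real deployment would load it from a secrets store.
DEMO_KEY = b"demo-signing-key-not-for-production"
GENESIS = "0" * 64

def canonical(obj):
    """Deterministic JSON so that a report always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign_report(report, key=DEMO_KEY):
    """Return a hex HMAC-SHA256 tag over the canonical report."""
    return hmac.new(key, canonical(report), hashlib.sha256).hexdigest()

def append_entry(chain, report, key=DEMO_KEY):
    """Append a signed report; each entry commits to the previous entry's hash."""
    prev_hash = chain[-1]["entry_hash"] if chain else GENESIS
    entry = {"report": report, "sig": sign_report(report, key), "prev_hash": prev_hash}
    entry["entry_hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    chain.append(entry)
    return entry

def verify_chain(chain, key=DEMO_KEY):
    """Return (ok, index): index is the first bad entry, or -1 when the chain is intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        body = {k: entry[k] for k in ("report", "sig", "prev_hash")}
        if entry["prev_hash"] != prev_hash:          # link to predecessor broken
            return False, i
        if hashlib.sha256(canonical(body)).hexdigest() != entry["entry_hash"]:
            return False, i                           # entry content altered
        if not hmac.compare_digest(sign_report(entry["report"], key), entry["sig"]):
            return False, i                           # report not signed by key holder
        prev_hash = entry["entry_hash"]
    return True, -1

def build_demo_chain():
    """Three constructed evaluation reports appended in order."""
    chain = []
    for skill, score in (("skill-a", 92), ("skill-b", 78), ("skill-c", 85)):
        append_entry(chain, {"skill": skill, "score": score, "certified": score >= 85})
    return chain

def tamper(chain, index, new_score):
    """Simulate an edit to a stored historical result (copy, so the original stays intact)."""
    tampered = copy.deepcopy(chain)
    tampered[index]["report"]["score"] = new_score
    return tampered
```

Recomputing `entry_hash` after the edit does not help an attacker without the HMAC key: the signature check on that entry still fails, and without the edit being re-hashed the following entry's `prev_hash` no longer matches.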