Automates threat modeling with STRIDE, CWE, CAPEC, and ATT&CK frameworks. Integrates with Claude Code for security design reviews, penetration testing, and compliance assessments. Benefits operations teams by streamlining risk analysis and attack chain mapping.
git clone https://github.com/fr33d3m0n/skill-threat-modeling.git
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/fr33d3m0n/skill-threat-modeling
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Analyze the security risks of [COMPANY]'s [INDUSTRY] application using the 8-phase workflow. Include security design review, STRIDE threat modeling, penetration testing, attack chain analysis, and software compliance assessment. Provide detailed findings and recommendations for mitigation.
# Security Risk Analysis for [COMPANY] Application

## 1. Security Design Review

- **Authentication**: Multi-factor authentication (MFA) is implemented but lacks fallback options for users without access to secondary devices.
- **Data Encryption**: Data at rest is encrypted, but data in transit is only encrypted for external communications, not internal.
- **Access Control**: Role-based access control (RBAC) is in place, but there are no regular access reviews.

## 2. STRIDE Threat Modeling

- **Spoofing**: Potential for session hijacking due to weak session management.
- **Tampering**: Data integrity checks are not implemented for critical data.
- **Repudiation**: Audit logs are not comprehensive enough to track all user actions.
- **Information Disclosure**: Sensitive data is exposed in error logs.
- **Denial of Service**: The application is vulnerable to brute force attacks.
- **Elevation of Privilege**: Insufficient privilege separation between roles.

## 3. Penetration Testing and Attack Chain Analysis

- **Vulnerabilities Identified**: SQL injection, cross-site scripting (XSS), and insecure direct object references.
- **Attack Chains**: Attackers can exploit these vulnerabilities to gain unauthorized access to sensitive data.

## 4. Software Compliance Assessment

- **Compliance Gaps**: The application does not fully comply with [INDUSTRY] regulations regarding data protection and privacy.

## Recommendations

- Implement MFA fallback options and strengthen session management.
- Add data integrity checks and comprehensive audit logs.
- Redact sensitive data in error logs.
- Implement rate limiting to prevent brute force attacks.
- Review and update RBAC policies regularly.
- Address identified vulnerabilities and conduct regular security assessments.