threat-modeler

Generate threat models using STRIDE, PASTA, or VAST methodologies

509 stars

bya5c-ai

View on GitHub Installation ↓

Best use case

threat-modeler is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Generate threat models using STRIDE, PASTA, or VAST methodologies

Teams using threat-modeler should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/threat-modeler/SKILL.md --create-dirs "https://raw.githubusercontent.com/a5c-ai/babysitter/main/library/specializations/software-architecture/skills/threat-modeler/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/threat-modeler/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How threat-modeler Compares

Feature / Agent	threat-modeler	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Generate threat models using STRIDE, PASTA, or VAST methodologies

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Threat Modeler Skill

## Overview

Generates threat models using STRIDE, PASTA, or VAST methodologies with attack tree generation, data flow diagram analysis, and threat prioritization using DREAD.

## Capabilities

- Generate STRIDE threat models
- PASTA methodology support
- VAST methodology support
- Attack tree generation
- Data flow diagram analysis
- Threat prioritization (DREAD)
- Microsoft Threat Modeling Tool integration
- Mitigation recommendations

## Target Processes

- security-architecture-review
- api-design-specification

## Input Schema

```json
{
  "type": "object",
  "required": ["system"],
  "properties": {
    "system": {
      "type": "object",
      "properties": {
        "name": { "type": "string" },
        "description": { "type": "string" },
        "dataFlows": { "type": "array" },
        "assets": { "type": "array" },
        "trustBoundaries": { "type": "array" },
        "externalEntities": { "type": "array" }
      }
    },
    "methodology": {
      "type": "string",
      "enum": ["STRIDE", "PASTA", "VAST"],
      "default": "STRIDE"
    },
    "options": {
      "type": "object",
      "properties": {
        "prioritization": {
          "type": "string",
          "enum": ["DREAD", "CVSS", "custom"],
          "default": "DREAD"
        },
        "generateAttackTrees": {
          "type": "boolean",
          "default": true
        },
        "outputFormat": {
          "type": "string",
          "enum": ["json", "markdown", "html"],
          "default": "markdown"
        }
      }
    }
  }
}
```

## Output Schema

```json
{
  "type": "object",
  "properties": {
    "threats": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "id": { "type": "string" },
          "category": { "type": "string" },
          "title": { "type": "string" },
          "description": { "type": "string" },
          "affectedAssets": { "type": "array" },
          "riskScore": { "type": "number" },
          "mitigations": { "type": "array" }
        }
      }
    },
    "attackTrees": {
      "type": "array"
    },
    "dataFlowDiagram": {
      "type": "string",
      "description": "DFD in specified format"
    },
    "summary": {
      "type": "object",
      "properties": {
        "totalThreats": { "type": "number" },
        "byCategory": { "type": "object" },
        "bySeverity": { "type": "object" }
      }
    }
  }
}
```

## Usage Example

```javascript
{
  kind: 'skill',
  skill: {
    name: 'threat-modeler',
    context: {
      system: {
        name: 'E-Commerce Platform',
        assets: ['User Data', 'Payment Info', 'Inventory'],
        trustBoundaries: ['DMZ', 'Internal Network'],
        dataFlows: [
          { from: 'User', to: 'Web Server', data: 'Credentials' }
        ]
      },
      methodology: 'STRIDE',
      options: {
        prioritization: 'DREAD',
        generateAttackTrees: true
      }
    }
  }
}
```

Related Skills

systems-dynamics-modeler

509

from a5c-ai/babysitter

Skill for building and simulating systems dynamics models

noise-modeler

509

from a5c-ai/babysitter

Quantum noise modeling skill for simulation and hardware characterization

pymc-bayesian-modeler

509

from a5c-ai/babysitter

PyMC probabilistic programming skill for hierarchical Bayesian models in physics data analysis

comsol-multiphysics-modeler

509

from a5c-ai/babysitter

COMSOL finite element skill for multiphysics simulations including electromagnetics, heat transfer, and fluid dynamics

environmental-fate-modeler

509

from a5c-ai/babysitter

Environmental nanosafety skill for modeling nanomaterial environmental fate and transport

linear-program-modeler

509

from a5c-ai/babysitter

Mathematical programming skill for formulating and solving linear programming models for resource allocation, production planning, and capacity optimization.