attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Best use case
attack-tree-construction is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Teams using attack-tree-construction should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/attack-tree-construction/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How attack-tree-construction Compares
| Feature / Agent | attack-tree-construction | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Attack Tree Construction Systematic attack path visualization and analysis. ## Use this skill when - Visualizing complex attack scenarios - Identifying defense gaps and priorities - Communicating risks to stakeholders - Planning defensive investments or test scopes ## Do not use this skill when - You lack authorization or a defined scope to model the system - The task is a general risk review without attack-path modeling - The request is unrelated to security assessment or design ## Instructions - Confirm scope, assets, and the attacker goal for the root node. - Decompose into sub-goals with AND/OR structure. - Annotate leaves with cost, skill, time, and detectability. - Map mitigations per branch and prioritize high-impact paths. - If detailed templates are required, open `resources/implementation-playbook.md`. ## Safety - Share attack trees only with authorized stakeholders. - Avoid including sensitive exploit details unless required. ## Resources - `resources/implementation-playbook.md` for detailed patterns, templates, and examples.
Related Skills
dma-attack-techniques
Guide for Direct Memory Access (DMA) attack techniques using FPGA hardware. Use this skill when researching PCIe DMA attacks, pcileech, FPGA firmware development, or hardware-based memory access for game security research.
clawstreetbets
Create and vote on AI prediction markets on ClawStreetBets — where crabs call the future
worktree-wizard-integration
This skill should be used when the user asks to "set up worktree-wizard", "integrate worktree-wizard", "add worktree support", "create docker-compose for worktrees", "add wt labels", "configure hot-reload for Docker", "set up volume mounts", "isolate ports per worktree", "onboard project to worktree-wizard", or needs guidance on wt.base-port labels, WT_* env var patterns, slot-based port isolation, dev-mode Dockerfiles, or hot-reload configurations per framework.
continuous-learning-construction
Automatically extract patterns, best practices, and reusable knowledge from construction automation sessions to improve future performance.
worktree-setup
Automatically invoked after `git worktree add` to create data/shared symlink and data/local directory. Required before starting work in any new worktree.
Braintree Automation
Braintree Automation: manage payment processing via Stripe-compatible tools for customers, subscriptions, payment methods, and transactions
Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
worktree-tending
Manage git worktrees for parallel branch development using custom git scripts (git-newtree, git-killtree, git-maingulp). Use when creating new worktrees, listing active worktrees, or closing/merging worktrees back to main. All worktrees are stored in .tree/ subdirectories of the repository.
using-git-worktrees
Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verifi...
git-worktree
Git Worktree 管理命令。提供 init、list、remove 三个子命令来管理项目 worktree。
agent-ops-git-worktree
Manage git worktrees for isolated development. Create, list, remove, and work in worktrees.
bgo
Automated Blender build-go workflow. Automatically builds, removes old version, installs, enables, and launches Blender with your extension/add-on. Use when you want to quickly test changes, execute complete build-to-launch cycle, or run custom packaging scripts with automatic Blender launch.