threat-modeling-expert
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture r...
Best use case
threat-modeling-expert is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture r...
Teams using threat-modeling-expert should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/threat-modeling-expert/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How threat-modeling-expert Compares
| Feature / Agent | threat-modeling-expert | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture r...
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Threat Modeling Expert Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems. ## Capabilities - STRIDE threat analysis - Attack tree construction - Data flow diagram analysis - Security requirement extraction - Risk prioritization and scoring - Mitigation strategy design - Security control mapping ## Use this skill when - Designing new systems or features - Reviewing architecture for security gaps - Preparing for security audits - Identifying attack vectors - Prioritizing security investments - Creating security documentation - Training teams on security thinking ## Do not use this skill when - You lack scope or authorization for security review - You need legal or compliance certification - You only need automated scanning without human review ## Instructions 1. Define system scope and trust boundaries 2. Create data flow diagrams 3. Identify assets and entry points 4. Apply STRIDE to each component 5. Build attack trees for critical paths 6. Score and prioritize threats 7. Design mitigations 8. Document residual risks ## Safety - Avoid storing sensitive details in threat models without access controls. - Keep threat models updated after architecture changes. ## Best Practices - Involve developers in threat modeling sessions - Focus on data flows, not just components - Consider insider threats - Update threat models with architecture changes - Link threats to security requirements - Track mitigations to implementation - Review regularly, not just at design time
Related Skills
adhd-design-expert
Designs digital experiences for ADHD brains using neuroscience research and UX principles. Expert in reducing cognitive load, time blindness solutions, dopamine-driven engagement, and compassionate design patterns. Activate on 'ADHD design', 'cognitive load', 'accessibility', 'neurodivergent UX', 'time blindness', 'dopamine-driven', 'executive function'. NOT for general accessibility (WCAG only), neurotypical UX design, or simple UI styling without ADHD context.
threat-modeling
Conduct structured threat modeling for software systems using established methodologies to identify, prioritize, and mitigate security threats before they are exploited.
threat-model
Threat modeling methodology and risk assessment process. Use when designing new features, reviewing architecture for security, performing STRIDE analysis, creating attack trees, or assessing risk with CVSS/DREAD. Also use when authentication/authorization is added, data flows cross trust boundaries, third-party integrations are introduced, sensitive data handling changes, or analyzing security incidents. Essential for data flow diagrams and security design reviews.
plaid-accounts-expert
Expert on Plaid accounts and account management. Covers account data retrieval, balance checking, account types, multi-account handling, and account webhooks. Invoke when user mentions Plaid accounts, account balance, account types, or account management.
Operations & Growth Expert
专注于内容创作(文案、运营稿件)、运营数据分析、以及营销活动策划与设置。帮助项目实现从“可用”到“好用”及“增长”的闭环。
mongodb-expert
Expert-level MongoDB database design, aggregation pipelines, indexing, replication, and production operations
mermaid-expert
Create Mermaid diagrams for flowcharts, sequences, ERDs, and architectures. Masters syntax for all diagram types and styling. Use PROACTIVELY for visual documentation, system diagrams, or process flows.
mcp-m365-copilot-mcp-m365-agent-expert
Expert assistant for building MCP-based declarative agents for Microsoft 365 Copilot with Model Context Protocol integration Use when: the task directly matches mcp m365 agent expert responsibilities within plugin mcp-m365-copilot. Do not use when: a more specific framework or task-focused skill is clearly a better match.
MCP Architecture Expert
Design and implement Model Context Protocol servers for standardized AI-to-data integration with resources, tools, prompts, and security best practices
math-modeling
本技能应在用户要求"数学建模"、"建模比赛"、"数模论文"、"数学建模竞赛"、"建模分析"、"建模求解"或提及数学建模相关任务时使用。适用于全国大学生数学建模竞赛(CUMCM)、美国大学生数学建模竞赛(MCM/ICM)等各类数学建模比赛。
dara-dataset-expert
Warehouse-Prozess-Analyse mit 207 Labels, 47 Prozessen, 8 Szenarien, 13 Triggern. Vollständige Expertise für DaRa Datensatz + REFA-Methodik + Validierungslogik + Szenarioerkennung + Lagerlayout + 74 Artikel-Stammdaten + BPMN-Validierung & IST/SOLL-Vergleich. 100% faktenbasiert ohne Halluzinationen. v5.0 mit Ground Truth Central v3.0 + Multi-Order (S7/S8) + Frame-Level Validation Rules.
create-expert-skill
Create production-ready skills from expert knowledge. Extracts domain expertise and system ontologies, uses scripts for deterministic work, loads knowledge progressively. Use when building skills that must work reliably in production.