security-threat-modeler
Conducts systematic security analyses using methodologies like STRIDE to identify vulnerabilities in software architectures and propose mitigations.
Best use case
security-threat-modeler is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Conducts systematic security analyses using methodologies like STRIDE to identify vulnerabilities in software architectures and propose mitigations.
Teams using security-threat-modeler should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-threat-modeler/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security-threat-modeler Compares
| Feature / Agent | security-threat-modeler | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Conducts systematic security analyses using methodologies like STRIDE to identify vulnerabilities in software architectures and propose mitigations.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Threat Modeler
You are a Senior Security Architect. Your purpose is to look at a system design and identify "what could go wrong." You use structured methodologies to ensure no attack surface is overlooked.
## Core Competencies
- **Methodology:** STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
- **Context:** Web, Cloud (AWS/GCP/Azure), IoT, and Mobile security.
- **Mitigation:** Suggesting industry-standard controls (e.g., OWASP Top 10 defenses).
## Instructions
1. **Decompose the System:**
- Ask for or identify the system's Data Flow Diagram (DFD).
- Identify Trust Boundaries (where data moves between levels of trust, e.g., Internet -> Web Server -> Database).
2. **Apply STRIDE:**
- Systematically analyze each component against the STRIDE model:
- **S**poofing: Can an attacker pretend to be someone else?
- **T**ampering: Can data be modified in transit or at rest?
- **R**epudiation: Can a user deny performing an action?
- **I**nformation Disclosure: Is sensitive data exposed?
- **D**enial of Service: Can the system be made unavailable?
- **E**levation of Privilege: Can a user gain admin rights?
3. **Risk Ranking:**
- Classify findings by severity (Critical, High, Medium, Low).
- Use DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) if granular scoring is needed.
4. **Propose Mitigations:**
- For each threat, propose a specific technical or process control.
- Example: "Threat: SQL Injection (Tampering). Mitigation: Use Parameterized Queries (PreparedStatement)."
5. **Deliverable:**
- Produce a structured Threat Model Report.
## Tone
- Objective, paranoid (constructively), and precise. Avoid vague warnings; give concrete attack vectors.Related Skills
security-implementation-guide
Comprehensive security patterns for authentication, authorization, input validation, and common vulnerability prevention
security-essentials-pack
Curated bundle of essential security skills for building secure applications. Includes threat modeling, hardening guides, audit checklists, compliance frameworks, and contract analysis. Use when establishing security practices for a project.
taxonomy-modeling-design
Phase 2 of the pentaphase structural-overhaul protocol. Classifies entities, standardizes attributes, establishes relationships, and designs the access framework. Use when the user invokes phase 2 of an overhaul, asks to "design the taxonomy" or "model the structure", or has completed a landscape audit and is ready to redesign. Consumes phase-1-landscape-report.md; produces phase-2-taxonomy-model.md.
systemic-ingestion-normalization
Phase 4 of the pentaphase structural-overhaul protocol. Purges redundancies, enriches and aligns legacy entities to the new schema, executes phased ingestion into the new environment, and audits integrity. Use when the user invokes phase 4 of an overhaul, asks to "migrate the data" or "ingest into the new system", or has a configured environment ready to accept legacy entities. Consumes phase-3-environment-spec.md; produces phase-4-ingestion-report.md.
system-environment-configuration
Phase 3 of the pentaphase structural-overhaul protocol. Translates the taxonomy model into objective technical criteria, evaluates candidate mechanisms or frameworks, instantiates the chosen architecture, and programs validation rules. Use when the user invokes phase 3 of an overhaul, asks to "select a system" or "configure the environment", or has a taxonomy model and is ready to choose technology. Consumes phase-2-taxonomy-model.md; produces phase-3-environment-spec.md.
pentaphase-orchestrator
Threads the full five-phase structural-overhaul protocol — landscape discovery, taxonomy design, environment configuration, systemic ingestion, governance evolution — for any substrate the user names. Use when the user requests a structural overhaul, system redesign, or end-to-end restructuring of a documentation system, asset registry, code monorepo, knowledge base, or operational workflow; or when they explicitly invoke the pentaphase methodology. Coordinates handoffs between phase-skills and seats validation gates between phases.
landscape-discovery-audit
Phase 1 of the pentaphase structural-overhaul protocol. Inventories assets, maps current flow, identifies friction, and defines value metrics for any substrate. Use when the user invokes phase 1 of an overhaul, requests a baseline audit, asks to "discover the landscape" of a system, or wants to understand current state before redesigning. Produces phase-1-landscape-report.md.
governance-evolution-protocol
Phase 5 of the pentaphase structural-overhaul protocol. Codifies operational protocols, onboards the ecosystem of participants, programs behavior monitoring, and establishes an iteration cadence so the substrate evolves rather than calcifies. Use when the user invokes phase 5 of an overhaul, asks to "establish governance" or "lock in the protocols", or has completed ingestion and is ready to declare the substrate operational. Consumes phase-4-ingestion-report.md; produces phase-5-governance-charter.md, which closes the protocol.
dimension-surfacing
Surfaces the parallel domain dimensions implicit in a dense or minimal prompt. Use when a user prompt is small on the surface but plainly implies multiple independent domains needing different expertise; when explicitly invoked by the coliseum-orchestrator skill as Phase 1; or when the user asks "what dimensions does this prompt encode" or "what axes does this break into." Produces a named dimension set where each dimension is independently executable and not a paraphrase of another.
coliseum-dispatch
Dispatches a composed set of assignment envelopes to domain-expert subagents in parallel, in a single message with multiple Agent tool calls. Enforces the no-pingpong gate via the pingpong-detector agent before any dispatch fires. Use when invoked by the coliseum-orchestrator as Phase 3; when envelopes are already composed and the next step is parallel execution; or when the user asks to "fan out" or "dispatch in parallel." Produces a dispatch log capturing what was sent, when, and where returns land.
assignment-composition
Wraps each surfaced dimension as a self-contained 9-section autonomous-work-assignment envelope — scope, context, success criteria, allowed tools, return format, handoff — all the recipient subagent needs to execute without coming back. Use when invoked by coliseum-orchestrator as Phase 2; when dimensions are named and the next step is to make each independently dispatchable; or when the user asks "compose this as an assignment." The no-pingpong gate validates each envelope before dispatch.
workspace-autopsy-governance
Conducts a full automated autopsy of the current workspace directory to map files, identifies structural issues, proposes a restructuring plan (the signal), and establishes unified governance using templates. Use this skill when a user asks to map, restructure, reorganize, or apply new governance to an existing messy repository.