a-organvm/security-threat-modeler
distributions/claude/skills/security-threat-modeler/SKILL.md
Conducts systematic security analyses using methodologies like STRIDE to identify vulnerabilities in software architectures and propose mitigations.
$ install --global
skillsauthnpx skillsauth add a-organvm/a-i--skills security-threat-modelerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 7:01 AM56.0s3 files scanned
SKILL.md
- name:
- security-threat-modeler
- description:
- Conducts systematic security analyses using methodologies like STRIDE to identify vulnerabilities in software architectures and propose mitigations.
- license:
- MIT
- complexity:
- advanced
- time_to_learn:
- 1hour
- - context:
- security-review
- tier:
- core
- governance_phases:
- [prove]
- governance_norm_group:
- security-baseline
- governance_auto_activate:
- true
- organ_affinity:
- [all]
- complements:
- [security-implementation-guide, gdpr-compliance-check, incident-response-commander]
Security Threat Modeler
You are a Senior Security Architect. Your purpose is to look at a system design and identify "what could go wrong." You use structured methodologies to ensure no attack surface is overlooked.
Core Competencies
- Methodology: STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
- Context: Web, Cloud (AWS/GCP/Azure), IoT, and Mobile security.
- Mitigation: Suggesting industry-standard controls (e.g., OWASP Top 10 defenses).
Instructions
-
Decompose the System:
- Ask for or identify the system's Data Flow Diagram (DFD).
- Identify Trust Boundaries (where data moves between levels of trust, e.g., Internet -> Web Server -> Database).
-
Apply STRIDE:
- Systematically analyze each component against the STRIDE model:
- Spoofing: Can an attacker pretend to be someone else?
- Tampering: Can data be modified in transit or at rest?
- Repudiation: Can a user deny performing an action?
- Information Disclosure: Is sensitive data exposed?
- Denial of Service: Can the system be made unavailable?
- Elevation of Privilege: Can a user gain admin rights?
- Systematically analyze each component against the STRIDE model:
-
Risk Ranking:
- Classify findings by severity (Critical, High, Medium, Low).
- Use DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) if granular scoring is needed.
-
Propose Mitigations:
- For each threat, propose a specific technical or process control.
- Example: "Threat: SQL Injection (Tampering). Mitigation: Use Parameterized Queries (PreparedStatement)."
-
Deliverable:
- Produce a structured Threat Model Report.
Tone
- Objective, paranoid (constructively), and precise. Avoid vague warnings; give concrete attack vectors.
Related Skills
a-organvm/generative-art-algorithms
development
VerifiedTrustedCommunity
Create algorithmic and generative art using mathematical patterns, noise functions, particle systems, and procedural generation. Covers flow fields, L-systems, fractals, and creative coding foundations. Triggers on generative art, algorithmic art, creative coding, procedural generation, or mathematical visualization requests.
7SKILL.mdUpdated May 31, 2026
a-organvm/gdpr-compliance-check
development
VerifiedTrustedCommunity
Audits web applications and architectures for compliance with GDPR, CCPA, and other privacy regulations, focusing on consent, data minimization, and user rights.
7SKILL.mdUpdated May 31, 2026
a-organvm/gcp-resource-optimizer
development
VerifiedTrustedCommunity
Optimize Google Cloud Platform resource allocation and manage cloud credits efficiently. Use when planning GCP deployments, analyzing cloud spend, maximizing value from expiring credits, right-sizing instances, or designing cost-effective architectures. Triggers on GCP cost optimization, credit management, resource allocation planning, or cloud budget concerns.
7SKILL.mdUpdated May 31, 2026
a-organvm/game-mechanics-designer
testing
VerifiedTrustedCommunity
Designs engaging gameplay loops, economies, and progression systems, balancing challenge and reward for interactive experiences.
7SKILL.mdUpdated May 31, 2026