bobmatnyc/threat-modeling
universal/security/threat-modeling/SKILL.md
Threat modeling workflow for software systems: scope, data flow diagrams, STRIDE analysis, risk scoring, and turning mitigations into backlog and tests
$ install --global
skillsauthnpx skillsauth add bobmatnyc/claude-mpm-skills threat-modelingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 3:42 AM159.1s5 files scanned
SKILL.md
- name:
- threat-modeling
- description:
- Threat modeling workflow for software systems: scope, data flow diagrams, STRIDE analysis, risk scoring, and turning mitigations into backlog and tests
- user-invocable:
- false
- disable-model-invocation:
- true
- version:
- 1.0.0
- category:
- universal
- author:
- Claude MPM Team
- license:
- MIT
- summary:
- Run a lightweight threat modeling workshop (STRIDE) and turn risks into concrete mitigations, tests, and PR checks
- when_to_use:
- When designing new features, reviewing architecture changes, handling sensitive data, or hardening auth/payment/multi-tenant flows
- quick_start:
- 1. Define scope/assets 2. Draw data flows + trust boundaries 3. STRIDE per element 4. Score + prioritize 5. Track mitigations + tests
- entry:
- 150
- full:
- 8000
- context_limit:
- 900
- requires_tools:
- []
Threat Modeling (STRIDE)
Outputs (Definition of Done)
Produce a data flow diagram, a threat register, and a mitigation plan that becomes tickets and tests.
Load Next (References)
references/stride-workshop.md— step-by-step workshop agenda + DFD guidancereferences/common-threats-and-mitigations.md— threat catalog with mitigationsreferences/templates.md— copy/paste templates for docs and tickets
Related Skills
bobmatnyc/axum
development
VerifiedTrustedCommunity
Axum (Rust) web framework patterns for production APIs: routers/extractors, state, middleware, error handling, tracing, graceful shutdown, and testing
53SKILL.mdUpdated May 19, 2026
bobmatnyc/web-performance-optimization
development
VerifiedTrustedCommunity
Optimize web performance using Core Web Vitals, modern patterns (View Transitions, Speculation Rules), and framework-specific techniques
49SKILL.mdUpdated May 30, 2026
bobmatnyc/api-documentation
development
VerifiedTrustedCommunity
Best practices for documenting APIs and code interfaces, eliminating redundant documentation guidance per agent.
49SKILL.mdUpdated May 30, 2026
bobmatnyc/api-design-patterns
development
VerifiedTrustedCommunity
Comprehensive API design patterns covering REST, GraphQL, gRPC, versioning, authentication, and modern API best practices
49SKILL.mdUpdated May 30, 2026