dtsong/threat-model
skills/council/skeptic/threat-model/SKILL.md
Use when applying STRIDE threat modeling to identify security risks in proposed features. Covers trust boundary mapping, data flow analysis, threat rating, mitigation proposals, and residual risk documentation. Do not use for failure scenario discovery (use failure-mode-analysis) or boundary value testing (use edge-case-enumeration).
$ install --global
skillsauthnpx skillsauth add dtsong/my-claude-setup threat-modelInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 4:34 AM227.8s1 file scanned
SKILL.md
- name:
- threat-model
- department:
- skeptic
- description:
- Use when applying STRIDE threat modeling to identify security risks in proposed features. Covers trust boundary mapping, data flow analysis, threat rating, mitigation proposals, and residual risk documentation. Do not use for failure scenario discovery (use failure-mode-analysis) or boundary value testing (use edge-case-enumeration).
- version:
- 1
Threat Model
Purpose
Apply STRIDE threat modeling to identify security risks in proposed features and produce mitigation recommendations.
Scope Constraints
Analyzes feature proposals, architecture diagrams, and authentication/authorization flows for security threats. Does not execute exploits, modify code, or access production systems. Limited to design-time threat identification and mitigation planning.
Inputs
- Feature description or proposal being analyzed
- System architecture context (services, data stores, external dependencies)
- Authentication/authorization flows involved
- Data sensitivity classification
Input Sanitization
No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets.
Procedure
Step 1: Define Trust Boundaries
Identify what's inside the trust boundary, what's outside, and where boundaries are crossed. Map out the system perimeter, internal service boundaries, and client/server boundaries.
Step 2: Enumerate Data Flows
Trace each data flow: user input → processing → storage → output. Identify each hop, transformation, and boundary crossing. Note where data changes trust level.
Step 3: Apply STRIDE Per Data Flow
For each data flow, analyze all six threat categories:
- Spoofing: Can someone impersonate a legitimate user or service?
- Tampering: Can data be modified in transit or at rest?
- Repudiation: Can actions be denied without an audit trail?
- Information Disclosure: Can sensitive data leak through errors, logs, or APIs?
- Denial of Service: Can the system be overwhelmed or made unavailable?
- Elevation of Privilege: Can a user gain unauthorized access to resources?
Step 4: Rate Each Threat
Use Likelihood x Impact to assign a Risk Score:
- Critical: Likely + Severe impact (data breach, full compromise)
- High: Likely + Moderate impact, or Possible + Severe impact
- Medium: Possible + Moderate impact
- Low: Unlikely + Minor impact
Step 5: Propose Mitigations
For all High+ threats, propose specific, actionable mitigations. Not "add security" — instead "validate JWT signature on every API route using middleware X" or "add rate limiting of 100 req/min per IP on /api/auth endpoints."
Step 6: Identify Residual Risks
Document what remains after mitigations are applied. Note accepted risks and their justification.
Progress Checklist
- [ ] Step 1: Trust boundaries defined
- [ ] Step 2: Data flows enumerated
- [ ] Step 3: STRIDE analysis applied per data flow
- [ ] Step 4: Threats rated by likelihood x impact
- [ ] Step 5: Mitigations proposed for High+ threats
- [ ] Step 6: Residual risks documented
Compaction resilience: If context was lost during a long session, re-read the Inputs section to reconstruct what system is being analyzed, check the Progress Checklist for completed steps, then resume from the earliest incomplete step.
Output Format
Trust Boundary Diagram
┌─────────────────────────────┐
│ Trust Boundary: [Name] │
│ │
│ [Internal Components] │
│ │
└──────────┬──────────────────┘
│ [Data Flow]
▼
[External Component]
Threat Table
| STRIDE Category | Threat Description | Risk Rating | Mitigation | Status | |---|---|---|---|---| | Spoofing | [Description] | High | [Specific mitigation] | Open | | ... | ... | ... | ... | ... |
Residual Risk Summary
- [Risk]: [Why it's accepted] — [Monitoring approach]
Handoff
- Hand off to failure-mode-analysis if infrastructure failure scenarios are identified during threat modeling.
- Hand off to architect/codebase-context if architectural vulnerabilities require structural remediation.
Quality Checks
- [ ] Every data flow has full STRIDE analysis
- [ ] All High+ threats have specific, actionable mitigations
- [ ] Mitigations reference concrete implementation approaches
- [ ] Auth flows are fully covered (login, session, token refresh, logout)
- [ ] Third-party integrations are analyzed for trust boundary crossings
- [ ] Residual risks are documented with justification
Evolution Notes
<!-- Observations appended after each use -->Related Skills
dtsong/workflow
development
VerifiedTrustedCommunity
Use when planning implementation steps, deciding commit format, or structuring development approach. Provides brainstorm-plan-implement flow with conventional commits. Triggers on 'how should I approach this', 'commit format'.
4SKILL.mdUpdated Apr 28, 2026
dtsong/web-security-hardening
development
VerifiedTrustedCommunity
Security audit checklist for web applications. Use when reviewing, auditing, or hardening a web app's security posture. Covers rate limiting, auth headers, IP blocking, CORS, security middleware, input validation, file upload limits, ORM usage, and password hashing. Triggers on requests like "review security", "harden this app", "security audit", "check for vulnerabilities", or when building/reviewing API endpoints.
4SKILL.mdUpdated Apr 28, 2026
dtsong/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
4SKILL.mdUpdated Apr 28, 2026
dtsong/vercel-react-best-practices
development
VerifiedTrustedCommunity
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
4SKILL.mdUpdated Apr 28, 2026