Comprehensive threat modeling toolkit using STRIDE, attack trees, data flow analysis, and risk scoring. Model threats, analyze attack surfaces, assess organizational risk, and map trust boundaries.
npx claudepluginhub sethdford/claude-skills --plugin security-threat-modelingAnalyze the attack surface to identify exposed components, entry points, and potential attack vectors.
Quantify organizational risk from identified threats using likelihood, impact, and risk scoring methodologies.
Identify and document trust boundaries in the architecture, showing where privilege levels, security contexts, or threat models change.
Conduct comprehensive threat modeling using STRIDE, attack trees, and risk scoring on a system design or architecture.
Design abuse cases (negative use cases) showing how attackers misuse system features. Use when identifying attacks that exploit intended functionality or business logic flaws.
Create a comprehensive inventory of assets (data, systems, infrastructure, people) and their criticality, value, and dependencies. Use when prioritizing threats and allocating security resources.
Build hierarchical attack trees showing how attackers decompose goals into sub-goals and exploits. Use when analyzing attack paths, prioritizing security investments, or assessing attacker effort and cost.
Create and analyze DFDs (Data Flow Diagrams) with security focus, identifying data flows across trust boundaries, storage, and processing points. Use when modeling system architecture for threat analysis.
Quantify risk using likelihood and impact, apply severity ratings, and prioritize mitigations. Use when prioritizing threats, allocating security budget, and communicating risk to leadership.
Systematically identify and document threats using the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). Use when designing systems, reviewing architectures, conducting security design reviews, or updating threat models.
Systematically identify threats from threat libraries, historical CVEs, and attacker tactics. Use when augmenting STRIDE analysis with known threats from MITRE ATT&CK, CWE, or your industry.
Build and maintain a reusable threat library tailored to your organization, platform, and threat landscape. Use when cataloging threats for future analyses, threat modeling sessions, and architecture reviews.
Identify trust boundaries in system architecture where privilege levels, authority, or security contexts change. Use when designing authentication, authorization, and inter-component communication.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains
Battle-tested Claude Code plugin for engineering teams — 38 agents, 156 skills, 72 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Stripe development plugin for Claude
Professional WordPress engineering skills for Claude Code — performance optimization, security auditing, Gutenberg block development, and theme/plugin best practices
Claude + Google Stitch workflow toolkit with MCP integration (prompt authoring, screen generation, design extraction)