Plugin

openai-security-threat-model

Name: openai-security-threat-model
Author: trailofbits

Generate concise Markdown threat models for specified codebases or paths, enumerating trust boundaries, key assets, attacker capabilities, abuse paths, and mitigations. Triggers only on explicit AppSec threat modeling requests, providing repo-grounded security analysis without general code reviews.

security

Component Overview

Commands

Agents

openai-security-threat-model

Skills

Hooks

MCP Servers

LSP Servers

Output Styles

Themes

Monitors

Install

npx claudepluginhub trailofbits/skills-curated --plugin openai-security-threat-model

Component Details

Skills (1)

openai-security-threat-model

/openai-security-threat-model

Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work. Originally from OpenAI's curated skills catalog.

README

Curated Skills Marketplace

Trail of Bits' reviewed and approved Claude Code plugins. Every skill and marketplace here has been vetted for quality and safety.

Why This Exists

We don't want people at Trail of Bits installing random plugins from GitHub repos we haven't reviewed. Published skills have been found with backdoors and malicious hooks, and the ecosystem has no built-in quality gate. This repo is how we solve that problem internally.

Everything here has been code-reviewed by Trail of Bits staff. We're sharing it publicly so the broader community benefits from the same vetting.

Installation

/plugin marketplace add trailofbits/skills-curated
/plugin menu

Available Plugins

Development

Plugin	Description
planning-with-files	File-based planning with persistent markdown for complex multi-step tasks
python-code-simplifier	Simplify and refine Python code for clarity and maintainability
react-pdf	Generate PDF documents with React-PDF (flexbox layout, SVG, custom fonts)
skill-extractor	Extract reusable skills from work sessions

Security

Plugin	Description
ffuf-web-fuzzing	Expert guidance for ffuf web fuzzing during authorized penetration testing
ghidra-headless	Reverse engineer binaries using Ghidra's headless analyzer
scv-scan	Audit Solidity codebases for 36 smart contract vulnerability classes
security-awareness	Recognize and avoid phishing, credential theft, and social engineering during agent operation
wooyun-legacy	Web vulnerability testing methodology from 88,636 real-world cases (WooYun 2010-2016)

Research

Plugin	Description
last30days	Research any topic from the last 30 days across Reddit, X, and the web
x-research	Search X/Twitter for real-time perspectives, discussions, and expert opinions

Writing

Plugin	Description
humanizer	Identifies and removes AI writing patterns to make text sound natural

OpenAI (Converted)

Auto-converted from openai/skills using scripts/convert_openai_skills.py. Portable skills only (no MCP or OpenAI API dependencies).

Plugin	Description
openai-cloudflare-deploy	Deploy applications to Cloudflare Workers and Pages
openai-develop-web-game	Build and iterate on web games (HTML/JS) with a dev + testing loop
openai-doc	Read, create, and edit `.docx` documents with formatting fidelity
openai-gh-address-comments	Address review and issue comments on GitHub PRs
openai-gh-fix-ci	Debug and fix failing GitHub Actions CI checks
openai-jupyter-notebook	Create, scaffold, and edit Jupyter notebooks
openai-netlify-deploy	Deploy web projects to Netlify using the CLI
openai-pdf	Read, create, and review PDF files with layout awareness
openai-playwright	Automate real browsers from the terminal via playwright-cli
openai-screenshot	Take desktop or system screenshots
openai-security-best-practices	Language and framework specific security best-practice reviews
openai-security-ownership-map	Build security ownership topology from git history
openai-security-threat-model	Repository-grounded threat modeling with trust boundaries and abuse paths
openai-sentry	Inspect Sentry issues and summarize production errors
openai-spreadsheet	Create, edit, and analyze spreadsheets (`.xlsx`, `.csv`)
openai-yeet	Stage, commit, push, and open a GitHub PR in one flow

How It Works

There are three ways to get a skill approved for use:

1. Use an approved marketplace

The marketplaces below have been reviewed and are approved for use. Install plugins from them directly.

View full README on GitHub

Similar Plugins

fullstack-dev-skills

8.6k

201

Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.

Stats

Version1.0.0

Parent Repo Stars220

Parent Repo Forks5

MaintenanceFair

AddedFeb 16, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

skills-curated220

Curated Skills Marketplace

Trail of Bits' reviewed and approved Claude Code plugins. Every skill and marketplace here has been vetted for quality and safety.

Why This Exists

Everything here has been code-reviewed by Trail of Bits staff. We're sharing it publicly so the broader community benefits from the same vetting.

Installation

/plugin marketplace add trailofbits/skills-curated
/plugin menu

Available Plugins

Development

Plugin	Description
planning-with-files	File-based planning with persistent markdown for complex multi-step tasks
python-code-simplifier	Simplify and refine Python code for clarity and maintainability
react-pdf	Generate PDF documents with React-PDF (flexbox layout, SVG, custom fonts)
skill-extractor	Extract reusable skills from work sessions

Security

Plugin	Description
ffuf-web-fuzzing	Expert guidance for ffuf web fuzzing during authorized penetration testing
ghidra-headless	Reverse engineer binaries using Ghidra's headless analyzer
scv-scan	Audit Solidity codebases for 36 smart contract vulnerability classes
security-awareness	Recognize and avoid phishing, credential theft, and social engineering during agent operation
wooyun-legacy	Web vulnerability testing methodology from 88,636 real-world cases (WooYun 2010-2016)

Research

Plugin	Description
last30days	Research any topic from the last 30 days across Reddit, X, and the web
x-research	Search X/Twitter for real-time perspectives, discussions, and expert opinions

Writing

Plugin	Description
humanizer	Identifies and removes AI writing patterns to make text sound natural

OpenAI (Converted)

Auto-converted from openai/skills using scripts/convert_openai_skills.py. Portable skills only (no MCP or OpenAI API dependencies).

Plugin	Description
openai-cloudflare-deploy	Deploy applications to Cloudflare Workers and Pages
openai-develop-web-game	Build and iterate on web games (HTML/JS) with a dev + testing loop
openai-doc	Read, create, and edit `.docx` documents with formatting fidelity
openai-gh-address-comments	Address review and issue comments on GitHub PRs
openai-gh-fix-ci	Debug and fix failing GitHub Actions CI checks
openai-jupyter-notebook	Create, scaffold, and edit Jupyter notebooks
openai-netlify-deploy	Deploy web projects to Netlify using the CLI
openai-pdf	Read, create, and review PDF files with layout awareness
openai-playwright	Automate real browsers from the terminal via playwright-cli
openai-screenshot	Take desktop or system screenshots
openai-security-best-practices	Language and framework specific security best-practice reviews
openai-security-ownership-map	Build security ownership topology from git history
openai-security-threat-model	Repository-grounded threat modeling with trust boundaries and abuse paths
openai-sentry	Inspect Sentry issues and summarize production errors
openai-spreadsheet	Create, edit, and analyze spreadsheets (`.xlsx`, `.csv`)
openai-yeet	Stage, commit, push, and open a GitHub PR in one flow

How It Works

There are three ways to get a skill approved for use:

1. Use an approved marketplace

The marketplaces below have been reviewed and are approved for use. Install plugins from them directly.

openai-security-threat-model

Component Overview

Install

Component Details

Skills (1)

README

Curated Skills Marketplace

Why This Exists

Installation

Available Plugins

Development

Security

Research

Writing

OpenAI (Converted)

How It Works

1. Use an approved marketplace

Similar Plugins

fullstack-dev-skills

openai-security-threat-model

Component Overview

Install

Component Details

Skills (1)

README

Curated Skills Marketplace

Why This Exists

Installation

Available Plugins

Development

Security

Research

Writing

OpenAI (Converted)

How It Works

1. Use an approved marketplace

Similar Plugins

fullstack-dev-skills

dotnet-skills

team-skills-platform

ui-ux-pro-max

context7-plugin

reverse-engineering