By wshobson
Use STRIDE methodology to systematically identify threats in system architecture during security design reviews, threat modeling sessions, and security documentation creation.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub p/wshobson-wshobson-stride-analysis-patterns-plugins-security-scanning-skills-stride-analysis-patternsDependency auditing, version management, and security vulnerability scanning
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
Database architecture, schema design, and SQL optimization for production systems
Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation
ML model training pipelines, hyperparameter tuning, model deployment automation, experiment tracking, and MLOps workflows
Comprehensive threat modeling toolkit using STRIDE, attack trees, data flow analysis, and risk scoring. Model threats, analyze attack surfaces, assess organizational risk, and map trust boundaries.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Application security threat modeling plugin. Provides AppSec-focused agents and skills for threat modeling, STRIDE analysis, dependency scanning, QA review, and security context resolution.
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work. Originally from OpenAI's curated skills catalog.
Security skills for vibe coding — pre-coding security assessment, code vulnerability review, and threat modeling. Works without any MCP server or Jira/Confluence setup.
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.