Skill

security-threat-modeler

STRIDE threat modeling, attack surface mapping, and threat tree generation. Trigger: "threat model", "STRIDE analysis", "attack surface", "threat assessment".

From sovereign-architect

Install

Run in your terminal

npx claudepluginhub javimontano/mao-sovereign-architect

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepBashAgent

Supporting Assets

View in Repository

evals/evals.json

examples/sample-output.md

prompts/use-case-prompts.md

references/body-of-knowledge.md

Skill Content

Similar Skills

cqrs-implementation

Implements CQRS patterns with Python templates for command/query separation, event-sourcing, and scalable read/write models. Use for optimizing queries or independent scaling.

backend-development

33.0k

architecture-patterns

1 file

Implements Clean Architecture, Hexagonal Architecture (ports/adapters), and Domain-Driven Design for backend services. For microservice design, monolith refactoring to bounded contexts, and dependency debugging.

backend-development

33.0k

api-design-principles

4 files

Provides REST and GraphQL API design principles including resource hierarchies, HTTP methods, versioning strategies, pagination, and filtering patterns for new APIs, reviews, or standards.

backend-development

33.0k

Stats

Stars0

Forks0

Last CommitMar 28, 2026

Actions

View Source View Plugin View on GitHub View README

Procedure

Step 1 — System Decomposition

Identify all trust boundaries: user/server, server/database, service/service, internal/external.

Map all data flows across trust boundaries.

Identify data stores and their sensitivity levels.

Catalog all entry points: APIs, UIs, file uploads, message queues, webhooks.

Produce a Data Flow Diagram (DFD) in Mermaid [HECHO].

Step 2 — STRIDE Analysis

For each component and data flow, assess:

Spoofing: Can identity be faked?
Tampering: Can data be modified in transit or at rest?
Repudiation: Can actions be denied without evidence?
Information Disclosure: Can sensitive data leak?
Denial of Service: Can availability be disrupted?
Elevation of Privilege: Can unauthorized access be gained?

Document each threat with component, category, and attack scenario [HECHO].

Rate each threat by severity.

Step 3 — Attack Surface Mapping

Enumerate all externally accessible endpoints.

Identify authentication and authorization gaps per endpoint.

Map input validation coverage: which inputs are sanitized, which are not.

Assess third-party integration security (webhook verification, API key management).

Identify privileged operations and their access controls.

Step 4 — Threat Report

Produce a threat register organized by STRIDE category.

Generate threat trees for the top 5 threats.

Recommend countermeasures for each threat.

Prioritize by exploitability and impact.

Procedure

Step 1 — System Decomposition

Identify all trust boundaries: user/server, server/database, service/service, internal/external.

Map all data flows across trust boundaries.

Identify data stores and their sensitivity levels.

Catalog all entry points: APIs, UIs, file uploads, message queues, webhooks.

Produce a Data Flow Diagram (DFD) in Mermaid [HECHO].

Step 2 — STRIDE Analysis

For each component and data flow, assess:

Spoofing: Can identity be faked?
Tampering: Can data be modified in transit or at rest?
Repudiation: Can actions be denied without evidence?
Information Disclosure: Can sensitive data leak?
Denial of Service: Can availability be disrupted?
Elevation of Privilege: Can unauthorized access be gained?

Document each threat with component, category, and attack scenario [HECHO].

Rate each threat by severity.

Step 3 — Attack Surface Mapping

Enumerate all externally accessible endpoints.

Identify authentication and authorization gaps per endpoint.

Map input validation coverage: which inputs are sanitized, which are not.

Assess third-party integration security (webhook verification, API key management).

Identify privileged operations and their access controls.

Step 4 — Threat Report

Produce a threat register organized by STRIDE category.

Generate threat trees for the top 5 threats.

Recommend countermeasures for each threat.

Prioritize by exploitability and impact.

security-threat-modeler

security-threat-modeler

Security Threat Modeler

Guiding Principle

Procedure

Step 1 — System Decomposition

Step 2 — STRIDE Analysis

Step 3 — Attack Surface Mapping

Step 4 — Threat Report

Quality Criteria

Anti-Patterns

Security Threat Modeler

Guiding Principle

Procedure

Step 1 — System Decomposition

Step 2 — STRIDE Analysis

Step 3 — Attack Surface Mapping

Step 4 — Threat Report

Quality Criteria

Anti-Patterns