npx claudepluginhub outlinedriven/odin-claude-plugin --plugin odinThis skill uses the workspace's default tool permissions.
Threat modeling is hypothesis generation for an adversary. Walk the change set as the attacker would: where does untrusted input enter, what trust boundary does it cross, what does it gain on the other side. Every unaudited path is a free move for the attacker.
Audits code security using STRIDE threat modeling, attack trees, CVSS severity ranking, OWASP patterns, and CWE analysis for vulnerabilities in auth, inputs, crypto, and dependencies.
Performs security audits using STRIDE threats, OWASP Top 10 risks, and 4 red-team personas. Scans deps/secrets/routes, maps assets/boundaries, requires code evidence, rates exploitability.
Audits code for security vulnerabilities including OWASP Top 10, auth flaws, injection, data exposure, and dependency risks using STRIDE threat modeling and phased reviews.
Share bugs, ideas, or general feedback.
Threat modeling is hypothesis generation for an adversary. Walk the change set as the attacker would: where does untrusted input enter, what trust boundary does it cross, what does it gain on the other side. Every unaudited path is a free move for the attacker.
Apply: new external surface (HTTP route, RPC method, file upload); AuthN/AuthZ change; deserialization / parsing of untrusted input; new dependency or major-version upgrade; cryptographic change; pre-release of public-facing service; incident postmortem.
NOT apply: internal refactor with no trust-boundary delta; pure performance work; documentation-only changes; internal-only experimental code.
Apply each prompt to every component touched by the change.
| Letter | Threat | Required questions |
|---|---|---|
| S | Spoofing | Who is the principal? How is identity proven? Can the credential be forged, replayed, or stolen? Is MFA / mutual-auth enforced? |
| T | Tampering | What inputs cross the trust boundary? Are they validated against an explicit schema (Zod / Pydantic / serde)? Are messages integrity-protected (HMAC / signature / TLS)? |
| R | Repudiation | Are security-relevant actions logged with actor + timestamp + outcome? Are logs append-only / tamper-evident? |
| I | Information Disclosure | What data is returned in error paths, logs, telemetry? Are PII / secrets ever serialized? Are timing side-channels addressed (constant-time compare)? |
| D | Denial of Service | Are inputs bounded (size, count, depth)? Is parsing resource-limited (zip-bomb, billion-laughs, ReDoS)? Are external calls rate-limited? |
| E | Elevation of Privilege | What privilege does the new code execute under? Is least privilege honored? Can input alter privilege (path traversal, SQL injection, deserialization gadget)? |
For each "yes" / "unclear" answer, file a finding with severity and remediation owner.
git grep -n -C 3 'authorize\|@PreAuthorize\|require_role' then trace policy.git grep -n -E 'MD5|SHA1|DES|Random\(\)' for weak primitives. Use -E (extended regex) for alternation; -F (fixed-string) breaks the pipe-as-OR. Add ecosystem patterns as needed: Math.random, secrets.choice, Mersenne constants.ast-grep patterns for unparameterized queries / shell concat / template eval.| Family | CVE scanner | Secrets / history | SBOM |
|---|---|---|---|
| Rust | cargo audit, cargo deny check advisories | gitleaks, trufflehog | cargo cyclonedx, syft |
| Python | pip-audit, safety check | gitleaks, detect-secrets | cyclonedx-py, syft |
| JavaScript/TypeScript | npm audit, pnpm audit, bun audit | gitleaks, trufflehog | cyclonedx-bom, syft |
| Go | govulncheck, nancy | gitleaks, trufflehog | cyclonedx-gomod, syft |
| Java/Kotlin | OWASP Dependency-Check, gradle dependencyCheckAnalyze | gitleaks, trufflehog | CycloneDX Gradle/Maven, syft |
| OCaml | opam audit, opam-repository advisory feed | gitleaks, detect-secrets | syft (filesystem) |
Use fd -e <ext> (not find). Use git grep -n -F 'literal' (not grep). Use bat -P -p -n (not cat).
gitleaks.