Design security architectures with threat modeling and zero trust
Designs security architectures with threat modeling (STRIDE), zero trust principles, and compliance alignment. Triggers when you request security analysis for a system, need threat identification, or require compliance mapping for frameworks like HIPAA.
/plugin marketplace add pluginagentmarketplace/custom-plugin-software-architect
/plugin install software-architect-assistant@pluginagentmarketplace-software-architect

This skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/config.yaml
assets/schema.json
references/GUIDE.md
references/PATTERNS.md
scripts/validate.py

Design and validate security architectures through threat modeling (STRIDE), zero trust implementation, and compliance alignment for enterprise systems.
| Parameter | Type | Required | Validation | Default |
|---|---|---|---|---|
| system | string | ✅ | min: 50 chars | - |
| analysis_type | enum | ⚪ | threat_model\|zero_trust\|compliance\|review | threat_model |
| threat_context | enum | ⚪ | internal\|external\|both | both |
| data_classification | enum | ⚪ | public\|internal\|confidential\|restricted | internal |
| compliance_frameworks | array | ⚪ | valid frameworks | [] |
┌──────────────────────────────────────────────────┐
│ 1. VALIDATE: Check system description            │
│ 2. CLASSIFY: Data and asset classification       │
│ 3. MODEL: Threat modeling (STRIDE)               │
│ 4. DESIGN: Security controls                     │
│ 5. ALIGN: Map to compliance requirements         │
│ 6. ASSESS: Risk assessment                       │
│ 7. DOCUMENT: Return security architecture        │
└──────────────────────────────────────────────────┘
| Error | Retry | Backoff | Max Attempts |
|---|---|---|---|
| VALIDATION_ERROR | No | - | 1 |
| COMPLIANCE_LOOKUP_ERROR | Yes | 1s | 2 |
| THREAT_DB_ERROR | Yes | 2s | 3 |
log_points:
  - event: analysis_started
    level: info
    data: [analysis_type, threat_context]
  - event: threats_identified
    level: info
    data: [threat_count, high_severity_count]
  - event: compliance_gaps_found
    level: warn
    data: [framework, gap_count]
metrics:
  - name: analyses_performed
    type: counter
    labels: [analysis_type]
  - name: threats_identified
    type: counter
    labels: [severity]
  - name: compliance_score
    type: gauge
| Error Code | Description | Recovery |
|---|---|---|
| E301 | Missing system context | Request architecture details |
| E302 | Unknown compliance framework | Show supported frameworks |
| E303 | Incomplete threat model | Flag missing threat categories |
| E304 | Conflicting controls | Highlight conflicts |
test_cases:
  - name: "STRIDE threat model"
    input:
      system: "Web application handling customer PII"
      analysis_type: "threat_model"
      data_classification: "confidential"
    expected:
      has_threats: true
      stride_categories: 6
      has_mitigations: true
  - name: "Zero trust design"
    input:
      system: "Corporate application for remote workers"
      analysis_type: "zero_trust"
    expected:
      has_identity_model: true
      has_access_policies: true
      has_micro_segmentation: true
  - name: "Compliance gap analysis"
    input:
      system: "Healthcare patient portal"
      analysis_type: "compliance"
      compliance_frameworks: ["HIPAA"]
    expected:
      has_requirements: true
      has_gap_analysis: true
| Symptom | Root Cause | Resolution |
|---|---|---|
| Incomplete threat model | Missing attack surface | Map all entry points |
| Compliance gaps | Missing controls | Map controls to requirements |
| Over-restrictive policies | Security vs usability | Balance with risk acceptance |
□ Is system context complete?
□ Are all data flows documented?
□ Are all entry points identified?
□ Are threats mapped to mitigations?
□ Is compliance framework valid?
| Threat | Mitigation Category |
|---|---|
| Spoofing | Authentication |
| Tampering | Integrity controls |
| Repudiation | Logging/Audit |
| Information Disclosure | Encryption |
| Denial of Service | Availability |
| Elevation of Privilege | Authorization |
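
The completeness check behind E303 and the "threats mapped to mitigations" checklist item can be sketched as follows. This is an added example, not the plugin's `scripts/validate.py`; the threat and entry-point schema, the `UNMITIGATED` label and the sample data are assumptions made for illustration.

```python
# Added example: STRIDE coverage check. The threat/entry-point schema is hypothetical.
from collections import defaultdict

# STRIDE category -> mitigation category, copied from the table above.
STRIDE_MITIGATIONS = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity controls",
    "Repudiation": "Logging/Audit",
    "Information Disclosure": "Encryption",
    "Denial of Service": "Availability",
    "Elevation of Privilege": "Authorization",
}

def review_threat_model(threats, entry_points):
    """Return findings as (code, subject, detail) tuples; [] means the model passes."""
    findings = []
    covered = defaultdict(set)  # entry point -> STRIDE categories with a recorded threat
    for threat in threats:
        category = threat.get("category")
        if category not in STRIDE_MITIGATIONS:
            findings.append(("E303", threat["id"], f"unknown category {category!r}"))
            continue
        covered[threat["entry_point"]].add(category)
        expected = STRIDE_MITIGATIONS[category]
        # A threat counts as mitigated only by a control of the mapped category.
        if not any(m["category"] == expected for m in threat.get("mitigations", [])):
            findings.append(("UNMITIGATED", threat["id"], expected))
    # Every documented entry point must be considered under all six categories.
    for entry_point in entry_points:
        missing = tuple(c for c in STRIDE_MITIGATIONS if c not in covered[entry_point])
        if missing:
            findings.append(("E303", entry_point, missing))
    return findings

# Constructed sample input (not taken from the plugin).
SAMPLE_ENTRY_POINTS = ["login", "upload"]
SAMPLE_THREATS = [
    {"id": "T1", "entry_point": "login", "category": "Spoofing",
     "mitigations": [{"category": "Authentication", "control": "MFA"}]},
    {"id": "T2", "entry_point": "login", "category": "Tampering",
     "mitigations": [{"category": "Encryption", "control": "TLS"}]},
    {"id": "T3", "entry_point": "upload", "category": "Denial of Service",
     "mitigations": []},
]

if __name__ == "__main__":
    for finding in review_threat_model(SAMPLE_THREATS, SAMPLE_ENTRY_POINTS):
        print(finding)
```

Checking coverage per entry point rather than per model is what surfaces the "Missing attack surface" root cause: a model can touch all six categories overall and still leave one entry point unexamined.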
| Component | Trigger | Data Flow |
|---|---|---|
| Agent 05 | Security request | Receives system, returns threat model |
| Agent 04 | Cloud security | Provides security requirements |
| Version | Date | Changes |
|---|---|---|
| 2.0.0 | 2025-01 | Production-grade: STRIDE, compliance mapping |
| 1.0.0 | 2024-12 | Initial release |