Skill

threat-modeling-expert

Performs threat modeling with STRIDE, PASTA, attack trees; reviews security architecture, extracts requirements, prioritizes risks, designs mitigations for secure-by-design systems.

security

Install

npx claudepluginhub joshuarweaver/cascade-code-general-misc-2 --plugin rmyndharis-antigravity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

SKILL.md

Similar Skills

using-git-worktrees

Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.

superpowers

168.3k

subagent-driven-development

3 files

Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.

superpowers

168.3k

dispatching-parallel-agents

Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.

superpowers

168.3k

Stats

Stars682

Forks124

Last CommitJan 18, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Threat Modeling Expert

Capabilities

STRIDE threat analysis
Attack tree construction
Data flow diagram analysis
Security requirement extraction
Risk prioritization and scoring
Mitigation strategy design
Security control mapping

Use this skill when

Designing new systems or features
Reviewing architecture for security gaps
Preparing for security audits
Identifying attack vectors
Prioritizing security investments
Creating security documentation
Training teams on security thinking

Do not use this skill when

You lack scope or authorization for security review
You need legal or compliance certification
You only need automated scanning without human review

Instructions

Define system scope and trust boundaries
Create data flow diagrams
Identify assets and entry points
Apply STRIDE to each component
Build attack trees for critical paths
Score and prioritize threats
Design mitigations
Document residual risks

Safety

Avoid storing sensitive details in threat models without access controls.
Keep threat models updated after architecture changes.

Best Practices

Involve developers in threat modeling sessions
Focus on data flows, not just components
Consider insider threats
Update threat models with architecture changes
Link threats to security requirements
Track mitigations to implementation
Review regularly, not just at design time