Skill

role-architect:threat-modeling

Threat modeling expertise including STRIDE methodology, attack trees, trust boundary identification, data flow analysis, risk assessment, mitigation prioritization, and security architecture review.

Install

npx claudepluginhub rnavarych/alpha-engineer --plugin role-architect

Tool Access

This skill is limited to using the following tools:

ReadGrepGlobBash

Preview

- Performing a security review of a new system design or major feature

Supporting Assets

references/risk-assessment-and-review.mdreferences/stride-and-attack-analysis.md

SKILL.md

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.8k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars9

Parent Repo Forks0

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

When to use

Performing a security review of a new system design or major feature

Systematically identifying threats using the STRIDE framework

Building attack trees for a specific attacker goal

Identifying and documenting trust boundaries in a system architecture

Rating threats by likelihood and impact to prioritize mitigation work

Conducting pre-launch or post-incident security architecture reviews

Core principles

STRIDE is a checklist, not a destination — apply it to every component and every data flow crossing

Trust boundaries are the attack surface map — draw them before writing a single mitigation

Risk = Likelihood x Impact — prioritize by score, not by what feels scary

Quick wins first within each risk tier — cheapest effective fix before the strategic overhaul

Residual risk must be documented — accepting a risk without recording it is the same as ignoring it

Reference Files

references/stride-and-attack-analysis.md — full STRIDE breakdown (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) with check items and mitigations per category; attack tree construction methodology; trust boundary identification with common boundary types; and sensitive data flow analysis with aggregation risk

references/risk-assessment-and-review.md — Likelihood x Impact matrix with 1-9 risk scoring, risk tolerance definition, mitigation prioritization (quick wins vs strategic), residual risk documentation, and security architecture review checklist covering authentication, authorization, data protection, network security, logging, dependencies, and incident response

Threat Modeling

When to use

Performing a security review of a new system design or major feature
Systematically identifying threats using the STRIDE framework
Building attack trees for a specific attacker goal
Identifying and documenting trust boundaries in a system architecture
Rating threats by likelihood and impact to prioritize mitigation work
Conducting pre-launch or post-incident security architecture reviews

Core principles

STRIDE is a checklist, not a destination — apply it to every component and every data flow crossing
Trust boundaries are the attack surface map — draw them before writing a single mitigation
Risk = Likelihood x Impact — prioritize by score, not by what feels scary
Quick wins first within each risk tier — cheapest effective fix before the strategic overhaul
Residual risk must be documented — accepting a risk without recording it is the same as ignoring it

Reference Files

references/stride-and-attack-analysis.md — full STRIDE breakdown (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) with check items and mitigations per category; attack tree construction methodology; trust boundary identification with common boundary types; and sensitive data flow analysis with aggregation risk
references/risk-assessment-and-review.md — Likelihood x Impact matrix with 1-9 risk scoring, risk tolerance definition, mitigation prioritization (quick wins vs strategic), residual risk documentation, and security architecture review checklist covering authentication, authorization, data protection, network security, logging, dependencies, and incident response