Skill

role-architect:threat-modeling

Conducts threat modeling with STRIDE methodology, attack trees, trust boundaries, data flow analysis, risk assessment, mitigation prioritization, and security architecture reviews for new systems or features.

security

npx claudepluginhub rnavarych/alpha-engineer --plugin role-architect

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/role-architect:threat-modeling

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGrepGlobBash

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

- Performing a security review of a new system design or major feature

Supporting Files

references/risk-assessment-and-review.mdreferences/stride-and-attack-analysis.md

SKILL.md

30 lines · ~504 tokens

Similar Skills

threat-modeling-expert

40.0k

Masters STRIDE, PASTA, and attack trees for security architecture review and threat identification. Use proactively for secure-by-design systems.

antigravity-awesome-skills

threat-modeling

Conducts structured threat modeling using OWASP Four-Question Framework and STRIDE. Generates threat matrices with risk ratings, mitigations, prioritization for attack surface analysis and security architecture reviews.

11 files

copilot-cli-toolkit

threat-modeling

Generates threat models using OWASP Four-Question Framework and STRIDE methodology, producing matrices with risk ratings, mitigations, and prioritization for attack surface analysis and security reviews.

project-toolkit

Stats

LanguageShell

Parent stars13

Parent forks1

MaintenanceGood

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Threat Modeling

When to use

Performing a security review of a new system design or major feature

Systematically identifying threats using the STRIDE framework

Building attack trees for a specific attacker goal

Identifying and documenting trust boundaries in a system architecture

Rating threats by likelihood and impact to prioritize mitigation work

Conducting pre-launch or post-incident security architecture reviews

Core principles

STRIDE is a checklist, not a destination — apply it to every component and every data flow crossing

Trust boundaries are the attack surface map — draw them before writing a single mitigation

Risk = Likelihood x Impact — prioritize by score, not by what feels scary

Quick wins first within each risk tier — cheapest effective fix before the strategic overhaul

Residual risk must be documented — accepting a risk without recording it is the same as ignoring it

Reference Files

references/stride-and-attack-analysis.md — full STRIDE breakdown (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) with check items and mitigations per category; attack tree construction methodology; trust boundary identification with common boundary types; and sensitive data flow analysis with aggregation risk

references/risk-assessment-and-review.md — Likelihood x Impact matrix with 1-9 risk scoring, risk tolerance definition, mitigation prioritization (quick wins vs strategic), residual risk documentation, and security architecture review checklist covering authentication, authorization, data protection, network security, logging, dependencies, and incident response

Threat Modeling

When to use

Performing a security review of a new system design or major feature
Systematically identifying threats using the STRIDE framework
Building attack trees for a specific attacker goal
Identifying and documenting trust boundaries in a system architecture
Rating threats by likelihood and impact to prioritize mitigation work
Conducting pre-launch or post-incident security architecture reviews

Core principles

STRIDE is a checklist, not a destination — apply it to every component and every data flow crossing
Trust boundaries are the attack surface map — draw them before writing a single mitigation
Risk = Likelihood x Impact — prioritize by score, not by what feels scary
Quick wins first within each risk tier — cheapest effective fix before the strategic overhaul
Residual risk must be documented — accepting a risk without recording it is the same as ignoring it

Reference Files

references/stride-and-attack-analysis.md — full STRIDE breakdown (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) with check items and mitigations per category; attack tree construction methodology; trust boundary identification with common boundary types; and sensitive data flow analysis with aggregation risk
references/risk-assessment-and-review.md — Likelihood x Impact matrix with 1-9 risk scoring, risk tolerance definition, mitigation prioritization (quick wins vs strategic), residual risk documentation, and security architecture review checklist covering authentication, authorization, data protection, network security, logging, dependencies, and incident response

role-architect:threat-modeling

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

role-architect:threat-modeling

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Threat Modeling

When to use

Core principles

Reference Files

Similar Skills

Help us improve

Threat Modeling

When to use

Core principles

Reference Files