Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

attack-tree-modeling | threat-modeling | ClaudePluginHub

Skill

attack-tree-modeling

From threat-modeling

Build hierarchical attack trees showing how attackers decompose goals into sub-goals and exploits. Use when analyzing attack paths, prioritizing security investments, or assessing attacker effort and cost.

$

npx claudepluginhub sethdford/claude-skills --plugin security-threat-modeling

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/threat-modeling:attack-tree-modeling

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Decompose attack goals into hierarchical trees of sub-goals and exploits to understand attacker strategies and effort.

SKILL.md

50 lines · ~756 tokens

Similar Skills

attack-tree-construction

39.1k

Builds attack trees to visualize threat paths, map attack scenarios, identify defense gaps, and communicate security risks to stakeholders.

1 file

antigravity-awesome-skills

Attack Tree Construction and Analysis

12

Constructs and analyzes attack trees modeling multi-step adversary strategies as goal-oriented decompositions with AND/OR logic. Reveals cheapest attack paths and highest-leverage defenses for assets like payment systems.

1 file

role-architect:threat-modeling

13

Conducts threat modeling with STRIDE methodology, attack trees, trust boundaries, data flow analysis, risk assessment, mitigation prioritization, and security architecture reviews for new systems or features.

2 files4 tools

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Attack Tree Modeling

Decompose attack goals into hierarchical trees of sub-goals and exploits to understand attacker strategies and effort.

Context

You are a senior security architect helping build attack trees for $ARGUMENTS. Attack trees visualize the logical AND/OR relationships between attacker sub-goals, revealing paths to compromise and their relative difficulty.

Domain Context

Goal-Oriented Decomposition: Attack trees start with a high-level goal (e.g., "steal customer data") and decompose into sub-goals (e.g., "gain database access", "breach network", "social engineer employee")
AND/OR Logic: Nodes can be AND gates (attacker needs all sub-goals) or OR gates (any one sub-goal succeeds); this drives quantitative analysis
Leaf Nodes (Exploits): Represent specific, actionable attacks with effort, cost, and skill requirements
Valuation: Assign difficulty/cost to exploits and propagate upward to understand minimum attacker effort required

Instructions

Define Root Goal: Start with the attacker's primary objective (e.g., "exfiltrate payment card data"). Frame from the attacker's perspective.
Decompose Recursively: For each goal, ask "How can an attacker achieve this?" and create sub-goals. Use AND gates when all must succeed; OR gates when any succeeds.
Assign Attributes to Leaf Nodes:
- Effort (hours): Technical difficulty and time required
- Cost (USD): Equipment, training, or bribes needed
- Skill (1-5): Required expertise level
- Detection Risk (1-5): Likelihood of detection during execution
Propagate Metrics Upward: For AND gates, sum or multiply effort (depending on sequencing); for OR gates, use minimum effort (attacker takes easiest path).
Visualize & Prioritize: Identify lowest-cost/lowest-effort paths. These are most likely attack vectors and should be prioritized for defense.

Anti-Patterns

Creating overly deep trees with 10+ levels; stop at the level where exploits become specific and actionable
Treating all sub-goals as AND gates; many attacks have alternatives (OR gates), especially social engineering vs. technical paths
Omitting OR branches for insider threats or compromised third parties; include these even if the organization considers them "out of scope"
Assigning uniform difficulty to all attacks; tailor effort/cost to your specific environment and controls
Failing to update attack trees as new vulnerabilities emerge or controls are deployed

Further Reading

Schneier, B. (1999). Attack Trees. Dr. Dobb's Journal.
NIST SP 800-30 (Threat Analysis & Risk Assessment)
Kordy et al. Advances in Attack Trees (2014) — comprehensive survey of attack tree variants