From security-scanning
Derive security requirements from threat models and business context. Translates threats into actionable requirements, security user stories, and test cases.
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-scanning:security-requirement-extractionThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Transform threat analysis into actionable security requirements.
Transform threat analysis into actionable security requirements.
Business Requirements → Security Requirements → Technical Controls
↓ ↓ ↓
"Protect customer "Encrypt PII at rest" "AES-256 encryption
data" with KMS key rotation"
| Type | Focus | Example |
|---|---|---|
| Functional | What system must do | "System must authenticate users" |
| Non-functional | How system must perform | "Authentication must complete in <2s" |
| Constraint | Limitations imposed | "Must use approved crypto libraries" |
| Attribute | Description |
|---|---|
| Traceability | Links to threats/compliance |
| Testability | Can be verified |
| Priority | Business importance |
| Risk Level | Impact if not met |
Full template library lives in references/details.md. Read that file when you need concrete templates for this skill.
npx claudepluginhub wshobson/agents --plugin security-scanningTransforms threat models and business context into actionable security requirements, user stories, test cases, and acceptance criteria. Useful for security requirement extraction and compliance mapping.
Derives security requirements from threat models and business context for user stories, test cases, acceptance criteria, and compliance mapping.
This skill should be used when the user asks to "create a threat model", "define security goals", "generate a data flow diagram", "write security definitions", "perform an initial security assessment", or needs to produce threat model artifacts for new features or architecture changes.