threat-modeling

Sequential Thinking (systematic analysis): Use for structured STRIDE analysis:

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "threat-modeling" with this command: npx skills add dralgorhythm/claude-agentic-framework/dralgorhythm-claude-agentic-framework-threat-modeling

Threat Modeling

MCP Tools

Sequential Thinking (systematic analysis): Use for structured STRIDE analysis:

  • Enumerate each threat category systematically

  • Consider attack vectors step-by-step

  • Evaluate mitigations with pros/cons

  • Document reasoning for risk acceptance

Why Threat Model?

  • Identify threats early

  • Prioritize security efforts

  • Document security assumptions

  • Guide security testing

STRIDE Methodology

Use Sequential Thinking to work through each category:

S - Spoofing

Pretending to be someone else.

  • Example: Forged authentication tokens

  • Mitigation: Strong authentication, MFA

T - Tampering

Modifying data without authorization.

  • Example: Changing request parameters

  • Mitigation: Integrity checks, signatures

  • Trace with Grep: Find all input handlers

R - Repudiation

Denying an action occurred.

  • Example: User denies making transaction

  • Mitigation: Audit logging, non-repudiation

I - Information Disclosure

Exposing confidential data.

  • Example: API returns sensitive fields

  • Mitigation: Encryption, access controls

  • Trace with Grep: Find data return points

D - Denial of Service

Making system unavailable.

  • Example: Resource exhaustion attack

  • Mitigation: Rate limiting, auto-scaling

E - Elevation of Privilege

Gaining unauthorized access.

  • Example: User becomes admin

  • Mitigation: Least privilege, input validation

  • Trace with Grep: Find authorization checks

Threat Modeling Process

  1. Decompose System

  • Use Grep and Glob to identify entry points

  • Draw data flow diagrams

  • Identify trust boundaries

  1. Identify Threats

Use Sequential Thinking to systematically ask STRIDE questions for each component.

  1. Trace Data Flow

Use Grep to trace:

  • User input → processing → storage

  • Authentication token flow

  • Sensitive data paths

  1. Rate Threats

Use DREAD or CVSS scoring:

  • Damage potential

  • Reproducibility

  • Exploitability

  • Affected users

  • Discoverability

  1. Mitigate

  • Avoid: Remove the feature

  • Transfer: Use third-party

  • Mitigate: Add controls

  • Accept: Document risk (use Sequential Thinking to justify)

Threat Model Document

Asset: User Database

Threats

ThreatTypeLikelihoodImpactRisk
SQL InjectionTamperingMediumHighHigh
Data BreachInfo DisclosureLowCriticalHigh

Mitigations

  1. Parameterized queries
  2. Encryption at rest
  3. Access logging

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

application-security

No summary provided by upstream source.

Repository SourceNeeds Review
-10
dralgorhythm
Security

security-review

No summary provided by upstream source.

Repository SourceNeeds Review
-9
dralgorhythm
Automation

react-native-reanimated

No summary provided by upstream source.

Repository SourceNeeds Review
-28
dralgorhythm