By wshobson
Translate threat models and business context into actionable security requirements, user stories, and test cases.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimnpx claudepluginhub p/wshobson-wshobson-security-requirement-extraction-plugins-security-scanning-skills-security-requirement-extractionBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Dependency auditing, version management, and security vulnerability scanning
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
Database architecture, schema design, and SQL optimization for production systems
ML model training pipelines, hyperparameter tuning, model deployment automation, experiment tracking, and MLOps workflows
ETL pipeline construction, data warehouse design, batch processing workflows, and data-driven feature development
Comprehensive threat modeling toolkit using STRIDE, attack trees, data flow analysis, and risk scoring. Model threats, analyze attack surfaces, assess organizational risk, and map trust boundaries.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
Application security threat modeling plugin. Provides AppSec-focused agents and skills for threat modeling, STRIDE analysis, dependency scanning, QA review, and security context resolution.
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work. Originally from OpenAI's curated skills catalog.
Auxiliary skills for threat modeling - with and without OWASP pytm