From claude-skills
Generates repository-grounded threat models covering trust boundaries, assets, attacker capabilities, abuse paths, and mitigations. Supports STRIDE, PASTA, and attacker-goal methodologies with AI/ML and cloud-native considerations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/claude-skills:security-threat-modelThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists.
Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists.
references/prompt-template.md to generate a repository summary.references/prompt-template.md. Use it verbatim when possible.references/prompt-template.md<repo-or-dir-name>-threat-model.md (use the basename of the repo root, or the in-scope directory if you were asked to model a subpath).These are the most frequent failure modes encountered when threat modeling. Avoiding them makes threat models actionable and credible.
Problem: Threat descriptions read like generic security checklist items rather than specific abuse paths anchored to actual code, configurations, or deployment architecture.
Example of bad: "Attacker gains unauthorized access to sensitive data"
Example of good: "An attacker without authentication can exfiltrate API keys from config.json if the process is deployed with filesystem permissions allowing world-read access, enabling privilege escalation to AWS"
How to avoid: For every threat, ask: Which component? Which entry point? What specific code path or boundary does the attacker exploit? If you can't answer, go back to the repo and find the concrete evidence (code, config template, deployment docs).
Problem: Threat model lists threats without defining who the attacker is, what they want, and what resources they have. This makes prioritization meaningless because you can't assess likelihood.
Example of bad: "Attacker compromises the system"
Example of good: "A disgruntled employee with internal API access steals PII to sell on a darknet market. Likelihood: medium (few employees have access; audit logs exist but aren't monitored in real-time)"
How to avoid: Define 3-4 realistic attacker profiles for your system:
For each threat, state which actor(s) can exploit it and why they would.
Problem: Every threat gets marked critical because the impact is theoretically severe. This makes the threat model unhelpful—teams can't focus because nothing is prioritized, and credibility erodes ("threat models are just scare tactics").
Example of bad: All 25 threats marked "Critical"
Example of good: "Supply chain RCE via dependency: Critical (high likelihood pre-exploit patch, catastrophic impact). User brute-force of weak password: Medium (low likelihood with rate limiting and 2FA, but integrity impact is high if successful)."
How to avoid: Use the likelihood × impact grid. Adjust final priority based on existing controls. Ask:
Mark as "Conditional High" if priority depends on user assumptions you haven't confirmed yet.
Problem: Recommendations read like security platitudes ("add authentication," "encrypt data," "enable logging") rather than specific code locations or control mechanisms. Teams don't know where to start.
Example of bad: "Add input validation to prevent injection attacks"
Example of good: "Enforce JSON schema validation on the /api/upload endpoint handler (src/handlers/upload.ts:42) before passing to the document parser. Use Zod or Ajv to reject payloads with > 10MB or disallowed MIME types."
How to avoid: For every mitigation:
Problem: Threat model is delivered as a snapshot but the system evolves. New entry points are added, dependencies are upgraded, team changes. The model stales within weeks and loses credibility.
Example of bad: "Here's your threat model, good luck!"
Example of good: "Threat model is versioned in Git. Review schedule: after each major deployment, quarterly team review, and whenever a new dependency or integration is added. Update-trigger checklist: new user roles, new APIs, new data sources, infrastructure changes."
How to avoid: Before finalizing, agree on:
Mention this in the deliverable.
For systems that include AI/ML components (LLMs, embeddings, RAG pipelines), add these threat categories:
| Threat | Description | Typical Impact |
|---|---|---|
| Prompt injection | Malicious content in user input overrides system instructions | Privilege escalation, data exfiltration |
| Indirect prompt injection | Malicious content in external data (documents, web pages) hijacks agent actions | Unauthorized tool calls, data theft |
| Training data poisoning | Adversarial examples in fine-tuning data embed backdoors | Model behavior manipulation |
| Model exfiltration | Stealing model weights or distilling proprietary models | IP theft, circumventing safety |
| Embedding inversion | Reconstructing PII from embedding vectors stored in vector DBs | Privacy violation |
| RAG manipulation | Injecting adversarial documents into knowledge bases | Misinformation propagation |
| Jailbreaking | Bypassing safety filters via adversarial prompts | Policy violations, harmful output |
| Context window attack | Flooding context to push out safety instructions | Safety bypass |
Modern applications depend heavily on third-party packages. Include:
| Threat | Example | Mitigation |
|---|---|---|
| Typosquatting | reqursts instead of requests | Lock files, package signing |
| Dependency confusion | Internal package name hijacked in public registry | Scoped packages, registry config |
| Compromised maintainer | event-stream npm incident | SBOM + CVE monitoring, VCS integrity |
| Build system compromise | SolarWinds-style | Reproducible builds, SLSA Level 3 |
| CI/CD hijacking | Actions workflow injection | Pin Actions by commit hash, not tag |
For containerized/Kubernetes/serverless deployments:
references/prompt-template.mdreferences/security-controls-and-assets.mdOnly load the reference files you need. Keep the final result concise, grounded, and reviewable.
npx claudepluginhub ckorhonen/claude-skillsGenerates a repository-grounded threat model enumerating trust boundaries, assets, attacker capabilities, abuse paths, and mitigations. Useful for AppSec threat modeling of codebases.
Generates repo-specific threat models enumerating trust boundaries, assets, attacker capabilities, abuse paths, mitigations in Markdown. For explicit AppSec threat modeling requests.
Produces threat models for codebases or systems: identifies crown jewels assets, maps attack surface entry points and trust boundaries, ranks threats, suggests mitigations and accepted risks.