From appsec-advisor
Prints a read-only overview of the current threat model including scan identity, findings by severity, top Critical threats, mitigation counts, and freshness status using the same change detection as the incremental scan pipeline.
How this skill is triggered — by the user, by Claude, or both
Slash command
/appsec-advisor:show-threat-modelThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are printing a human-facing overview of the threat model in the target
You are printing a human-facing overview of the threat model in the target
repository. This skill is read-only — it does not analyze code, does
not spawn agents, and does not write files. It reads the committed
threat-model.yaml and reports.
The freshness verdict comes from threat_model_health.py --json, which wraps
baseline_state.py check-changes + dirty-set — the same change detection
the pipeline uses to decide whether an incremental scan is needed. This skill
does not re-implement that logic; it folds the verdict into the overview.
--help — inline help (early exit)If the user's arguments contain --help or -h, print this block verbatim
and exit.
/appsec-advisor:show-threat-model — Read-only threat model overview.
USAGE
/appsec-advisor:show-threat-model [--repo <path>] [--output <path>] [--all] [--json]
FLAGS
--repo <path> Repository to inspect (default: current working dir)
--output <path> Output directory to inspect (default: <repo>/docs/security)
--all List every threat grouped by severity (default: top Critical only)
--json Emit the overview as machine-readable JSON
WHAT IT SHOWS
* Project + scan identity (commit, branch, model, depth, scan date)
* Freshness: is the model still current, or has security-relevant code changed?
(same change detection that drives the incremental-scan decision)
* Findings by severity (Critical / High / Medium / Low)
* Top Critical threats (or all threats with --all)
* Mitigation and control counts, plus the rendered report path
RELATED
/appsec-advisor:threat-model-health Ops/CI probe: freshness + cleanup + run state
/appsec-advisor:create-threat-model Generate or update the threat model
After printing the help block, exit. Do not proceed.
Recognized flags (and the values consumed by --repo / --output):
--repo <path> --output <path> --all --json --help | -h
Parse these and set REPO_ROOT, OUTPUT_DIR, ALL_MODE, JSON_MODE.
REPO_ROOT to the current working directory.OUTPUT_DIR to $REPO_ROOT/docs/security.--repo <path> overrides REPO_ROOT; --output <path> overrides OUTPUT_DIR.--all and --json are boolean toggles that consume no value.If the invocation contains any token that is not one of the recognized
flags above — or is not the value consumed by --repo / --output — DO NOT
proceed. Do not resolve CLAUDE_PLUGIN_ROOT, do not invoke any helper, do not
touch any file. Print the following block verbatim to stderr, substituting
<TOKEN> with the first unknown token, then exit with status 2:
Error: unknown argument '<TOKEN>'
/appsec-advisor:show-threat-model accepts only:
--repo <path> Repository to inspect (default: current working dir)
--output <path> Output directory to inspect (default: <repo>/docs/security)
--all List every threat grouped by severity
--json Emit the overview as machine-readable JSON
--help, -h Show full help and exit
Run `/appsec-advisor:show-threat-model --help` for details.
A flag that takes a value (e.g. --repo or --output) counts as unknown
when its value is missing — treat the flag itself as the offending token.
Repeated occurrences of the same flag are allowed; the last value wins.
CLAUDE_PLUGIN_ROOTif [ -z "$CLAUDE_PLUGIN_ROOT" ]; then
CLAUDE_PLUGIN_ROOT=$(find /root /home /opt -maxdepth 6 \
-path "*/appsec-advisor/skills/show-threat-model/SKILL.md" \
2>/dev/null | head -1 | xargs -r dirname | xargs -r dirname | xargs -r dirname)
fi
export CLAUDE_PLUGIN_ROOT
if [ -z "$CLAUDE_PLUGIN_ROOT" ] || [ ! -d "$CLAUDE_PLUGIN_ROOT" ]; then
echo "Error: CLAUDE_PLUGIN_ROOT could not be resolved." >&2
exit 2
fi
Run the freshness probe in JSON mode and pipe it into the summary renderer so
the freshness verdict is folded into one deterministic block. Do not set
pipefail: the meaningful exit code is the renderer's (0 = model present,
1 = no model), not the health probe's CI exit code.
EXTRA=""
[ "$ALL_MODE" = "true" ] && EXTRA="$EXTRA --all"
[ "$JSON_MODE" = "true" ] && EXTRA="$EXTRA --json"
python3 "$CLAUDE_PLUGIN_ROOT/scripts/threat_model_health.py" \
--repo-root "$REPO_ROOT" --output-dir "$OUTPUT_DIR" --json 2>/dev/null \
| python3 "$CLAUDE_PLUGIN_ROOT/scripts/summarize_threat_model.py" \
--output-dir "$OUTPUT_DIR" --repo-root "$REPO_ROOT" --health-json - $EXTRA
EXIT=$?
Print the renderer's output as the complete deliverable — do not add
commentary. If the renderer exits 1 (no model found), it already prints the
hint to run /appsec-advisor:create-threat-model; surface that as-is.
Exit-code reference (for shell callers):
0 — threat model present, overview rendered1 — no threat model found at <output>/threat-model.yaml2 — error (unreadable / unparseable model, or unknown argument)npx claudepluginhub matthiasrohr/appsec-advisorPerforms a threat assessment of a repository and produces a threat-model.md file. Supports external repo analysis and optional YAML output.
Generates a repository-grounded threat model enumerating trust boundaries, assets, attacker capabilities, abuse paths, and mitigations. Useful for AppSec threat modeling of codebases.
Generates repo-specific threat models enumerating trust boundaries, assets, attacker capabilities, abuse paths, mitigations in Markdown. For explicit AppSec threat modeling requests.