Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From threat-modeling
Build hierarchical attack trees showing how attackers decompose goals into sub-goals and exploits. Use when analyzing attack paths, prioritizing security investments, or assessing attacker effort and cost.
How this skill is triggered — by the user, by Claude, or both
Slash command
/threat-modeling:attack-tree-modelingThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Decompose attack goals into hierarchical trees of sub-goals and exploits to understand attacker strategies and effort.
Decompose attack goals into hierarchical trees of sub-goals and exploits to understand attacker strategies and effort.
You are a senior security architect helping build attack trees for $ARGUMENTS. Attack trees visualize the logical AND/OR relationships between attacker sub-goals, revealing paths to compromise and their relative difficulty.
Define Root Goal: Start with the attacker's primary objective (e.g., "exfiltrate payment card data"). Frame from the attacker's perspective.
Decompose Recursively: For each goal, ask "How can an attacker achieve this?" and create sub-goals. Use AND gates when all must succeed; OR gates when any succeeds.
Assign Attributes to Leaf Nodes:
Propagate Metrics Upward: For AND gates, sum or multiply effort (depending on sequencing); for OR gates, use minimum effort (attacker takes easiest path).
Visualize & Prioritize: Identify lowest-cost/lowest-effort paths. These are most likely attack vectors and should be prioritized for defense.
npx claudepluginhub sethdford/claude-skills --plugin security-threat-modelingBuilds attack trees to visualize threat paths, map attack scenarios, identify defense gaps, and communicate security risks to stakeholders.
Models multi-step adversary strategies as goal-oriented tree decompositions to reveal cheapest attack paths and highest-leverage defenses.
Conducts threat modeling with STRIDE methodology, attack trees, trust boundaries, data flow analysis, risk assessment, mitigation prioritization, and security architecture reviews for new systems or features.