Claude Skill

fr33d3m0n/skill-threat-modeling

Code-first deep risk analysis Claude Skill with 8-phase workflow for security design review, STRIDE threat modeling, penetration testing, attack chain analysis, and compliance assessment.

Overview

Stars: 91
Forks: 14
Language: Python
Last pushed: 2026-01-19
Last synced: 2026-07-01

Repository

Owner: fr33d3m0n
Repository: skill-threat-modeling
Full name: fr33d3m0n/skill-threat-modeling
Repo ID: 1,127,158,432

Install this Skill

git clone https://github.com/fr33d3m0n/threat-modeling.git \

Registry

Type: mcp_server
Quality score: 80/100
Verification: readme_parsed
Last verified: 2026-07-01
Platforms: Claude, MCP, Codex
Capabilities: code-review, pdf, memory, search, image, terminal, workflow
Detected files: README.md, SKILL.md, docs
Config keys: SESSION_ID

Summary

A Claude Skill for code-first deep risk analysis, featuring an 8-phase workflow that integrates security design review, STRIDE threat modeling, penetration testing with attack chain analysis, and software compliance assessment.

Chinese description

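Claude Skill: a code-first deep risk analysis skill with an eight-phase workflow covering security design review, STRIDE threat modeling, penetration testing and attack chain analysis, and software compliance assessment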

Key features

  • 8-phase structured workflow
  • STRIDE threat modeling methodology
  • Penetration testing and attack chain analysis
  • Security design review integration
  • Software compliance assessment
  • Code-first risk analysis approach

Use cases

  • Secure software development lifecycle
  • Threat modeling for applications
  • Security compliance verification
  • Penetration testing preparation
  • Attack surface analysis
  • Security architecture review

README excerpt

<!-- Threat Modeling Skill | Version 3.2.0 (20260512a) | https://github.com/fr33d3m0n/threat-modeling | License: BSD-3-Clause -->

# Threat Modeling Skill v3.2.0

AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assessment, threat modeling, security analysis, security audit, and penetration testing.

## What's New in v3.2.0

- **Tool-assisted analysis**: Integrated Luoshu (14 MCP), Ghidra (18 MCP), CodeQL (65 MCP), Joern (15 CWE queries) for deep code and binary analysis
- **Complex system support**: DFD auto-generation, CFG/DFG analysis, N-hop call chain tracing, semantic code search
- **Binary reverse engineering**: Ghidra decompilation, radare2 recon, call graphs and cross-references
- **Automated vulnerability detection**: Joern CWE queries for C/C++, CodeQL security suites
- **Attack chain verification**: Luoshu call chains + Ghidra decompilation + Joern taint analysis
- **Explicit phase validation**: Replaced hook-based validation with portable `--phase-end` calls
- **Tool capabilities matrix**: New `knowledge/tool-capabilities.yaml` for runtime tool discovery
- 3 new reference documents in `references/` for on-demand tool guidance
- agentskills.io multi-agent platform compatibility (Claude Code, Codex CLI, IDE extensions)

See [CHANGELOG.md](CHANGELOG.md) for full version history.

## What's New in v3.0.2

- Major system architecture refactoring, improved security analysis depth and path coverage
- Backported SM2 state machine from next-gen AI-Native penetration testing system named "Cobweb" for problem-solving in depth
- Added multi-version task history and precise structured phase outputs for CI/CD integration
- Optimized context engineering and data disclosure, ~35% token reduction

See [CHANGELO

Data from GitHub. Synced on 2026-07-01