Claude Skill
fr33d3m0n/skill-threat-modeling
Code-first deep risk analysis Claude Skill with 8-phase workflow for security design review, STRIDE threat modeling, penetration testing, attack chain analysis, and compliance assessment.
Install this Skill
git clone https://github.com/fr33d3m0n/threat-modeling.git \
Summary
A Claude Skill for code-first deep risk analysis, featuring an 8-phase workflow that integrates security design review, STRIDE threat modeling, penetration testing with attack chain analysis, and software compliance assessment.
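Claude Skill: a code-first deep risk analysis skill with an eight-phase workflow covering security design review, STRIDE threat modeling, penetration testing and attack chain analysis, and software compliance assessment.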
Key features
- 8-phase structured workflow
- STRIDE threat modeling methodology
- Penetration testing and attack chain analysis
- Security design review integration
- Software compliance assessment
- Code-first risk analysis approach
Use cases
- Secure software development lifecycle
- Threat modeling for applications
- Security compliance verification
- Penetration testing preparation
- Attack surface analysis
- Security architecture review
README excerpt
<!-- Threat Modeling Skill | Version 3.2.0 (20260512a) | https://github.com/fr33d3m0n/threat-modeling | License: BSD-3-Clause -->

# Threat Modeling Skill v3.2.0

AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assessment, threat modeling, security analysis, security audit, and penetration testing.

## What's New in v3.2.0

- **Tool-assisted analysis**: Integrated Luoshu (14 MCP), Ghidra (18 MCP), CodeQL (65 MCP), Joern (15 CWE queries) for deep code and binary analysis
- **Complex system support**: DFD auto-generation, CFG/DFG analysis, N-hop call chain tracing, semantic code search
- **Binary reverse engineering**: Ghidra decompilation, radare2 recon, call graphs and cross-references
- **Automated vulnerability detection**: Joern CWE queries for C/C++, CodeQL security suites
- **Attack chain verification**: Luoshu call chains + Ghidra decompilation + Joern taint analysis
- **Explicit phase validation**: Replaced hook-based validation with portable `--phase-end` calls
- **Tool capabilities matrix**: New `knowledge/tool-capabilities.yaml` for runtime tool discovery
- 3 new reference documents in `references/` for on-demand tool guidance
- agentskills.io multi-agent platform compatibility (Claude Code, Codex CLI, IDE extensions)

See [CHANGELOG.md](CHANGELOG.md) for full version history.

## What's New in v3.0.2

- Major system architecture refactoring, improved security analysis depth and path coverage
- Backported SM2 state machine from next-gen AI-Native penetration testing system named "Cobweb" for problem-solving in depth
- Added multi-version task history and precise structured phase outputs for CI/CD integration
- Optimized context engineering and data disclosure, ~35% token reduction

See [CHANGELO