Claude Skill
fr33d3m0n/skill-threat-modeling
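A code-first deep risk analysis Claude Skill that provides an eight-phase workflow covering security design review, STRIDE threat modeling, penetration testing, attack chain analysis, and compliance assessment.
Overview
Repository information
Install this Skill
git clone https://github.com/fr33d3m0n/threat-modeling.git \
Registry information
Project overview
A Claude Skill for code-first deep risk analysis. It uses an eight-phase workflow that integrates security design review, STRIDE threat modeling, penetration testing and attack chain analysis, and software compliance assessment.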
Code-First Deep Risk Analysis Skill for Claude Code - 8-Phase Workflow with Security design review, STRIDE Threat modeling, PenTest and attack chain analysis, Software compliance assessment
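Key points
- Eight-phase structured workflow
- STRIDE threat modeling methodology
- Penetration testing and attack chain analysis
- Integrated security design review
- Software compliance assessment
- Code-first risk analysis approach
Use cases
- Secure software development lifecycle
- Application threat modeling
- Security compliance verification
- Penetration test preparation
- Attack surface analysis
- Security architecture review
README excerpt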
<!-- Threat Modeling Skill | Version 3.2.0 (20260512a) | https://github.com/fr33d3m0n/threat-modeling | License: BSD-3-Clause -->

# Threat Modeling Skill v3.2.0

AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assessment, threat modeling, security analysis, security audit, and penetration testing.

## What's New in v3.2.0

- **Tool-assisted analysis**: Integrated Luoshu (14 MCP), Ghidra (18 MCP), CodeQL (65 MCP), Joern (15 CWE queries) for deep code and binary analysis
- **Complex system support**: DFD auto-generation, CFG/DFG analysis, N-hop call chain tracing, semantic code search
- **Binary reverse engineering**: Ghidra decompilation, radare2 recon, call graphs and cross-references
- **Automated vulnerability detection**: Joern CWE queries for C/C++, CodeQL security suites
- **Attack chain verification**: Luoshu call chains + Ghidra decompilation + Joern taint analysis
- **Explicit phase validation**: Replaced hook-based validation with portable `--phase-end` calls
- **Tool capabilities matrix**: New `knowledge/tool-capabilities.yaml` for runtime tool discovery
- 3 new reference documents in `references/` for on-demand tool guidance
- agentskills.io multi-agent platform compatibility (Claude Code, Codex CLI, IDE extensions)

See [CHANGELOG.md](CHANGELOG.md) for full version history.

## What's New in v3.0.2

- Major system architecture refactoring, improved security analysis depth and path coverage
- Backported SM2 state machine from next-gen AI-Native penetration testing system named "Cobweb" for problem-solving in depth
- Added multi-version task history and precise structured phase outputs for CI/CD integration
- Optimized context engineering and data disclosure, ~35% token reduction

See [CHANGELO
Topics
No topics yet