Claude Skill

fr33d3m0n/skill-threat-modeling

代码优先深度风险分析Claude Skill,提供八阶段工作流,涵盖安全设计评审、STRIDE威胁建模、渗透测试、攻击链分析和合规性评估。

概览

Stars91
Forks14
语言Python
最后更新2026-01-19
最近同步2026-07-01
前往 GitHub

仓库信息

拥有者fr33d3m0n
仓库skill-threat-modeling
完整名称fr33d3m0n/skill-threat-modeling
Repo ID1,127,158,432

安装这个 Skill

git clone https://github.com/fr33d3m0n/threat-modeling.git \

Registry 信息

类型mcp_server
质量分80/100
验证状态readme_parsed
最近验证2026-07-01
平台
ClaudeMCPCodex
能力
code-reviewpdfmemorysearchimageterminalworkflow
识别文件
README.mdSKILL.mddocs
配置键
SESSION_ID

项目简介

一款用于代码优先深度风险分析的Claude Skill,采用八阶段工作流,集成了安全设计评审、STRIDE威胁建模、渗透测试与攻击链分析以及软件合规性评估。

英文描述

Code-First Deep Risk Analysis Skill for Claude Code - 8-Phase Workflow with Security design review, STRIDE Threat modeling, PenTest and attack chain analysis, Software compliance assessment

要点

  • 八阶段结构化工作流
  • STRIDE威胁建模方法
  • 渗透测试与攻击链分析
  • 安全设计评审集成
  • 软件合规性评估
  • 代码优先风险分析方法

使用场景

  • 安全软件开发生命周期
  • 应用程序威胁建模
  • 安全合规性验证
  • 渗透测试准备
  • 攻击面分析
  • 安全架构评审

README 摘要

<!-- Threat Modeling Skill | Version 3.2.0 (20260512a) | https://github.com/fr33d3m0n/threat-modeling | License: BSD-3-Clause --> # Threat Modeling Skill v3.2.0 AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assessment, threat modeling, security analysis, security audit, and penetration testing. ## What's New in v3.2.0 - **Tool-assisted analysis**: Integrated Luoshu (14 MCP), Ghidra (18 MCP), CodeQL (65 MCP), Joern (15 CWE queries) for deep code and binary analysis - **Complex system support**: DFD auto-generation, CFG/DFG analysis, N-hop call chain tracing, semantic code search - **Binary reverse engineering**: Ghidra decompilation, radare2 recon, call graphs and cross-references - **Automated vulnerability detection**: Joern CWE queries for C/C++, CodeQL security suites - **Attack chain verification**: Luoshu call chains + Ghidra decompilation + Joern taint analysis - **Explicit phase validation**: Replaced hook-based validation with portable `--phase-end` calls - **Tool capabilities matrix**: New `knowledge/tool-capabilities.yaml` for runtime tool discovery - 3 new reference documents in `references/` for on-demand tool guidance - agentskills.io multi-agent platform compatibility (Claude Code, Codex CLI, IDE extensions) See [CHANGELOG.md](CHANGELOG.md) for full version history. ## What's New in v3.0.2 - Major system architecture refactoring, improved security analysis depth and path coverage - Backported SM2 state machine from next-gen AI-Native penetration testing system named "Cobweb" for problem-solving in depth - Added multi-version task history and precise structured phase outputs for CI/CD integration - Optimized context engineering and data disclosure, ~35% token reduction See [CHANGELO

话题

暂无话题

探索更多

数据来自 GitHub,同步时间:2026-07-01