ClawHub

Threat

v1.0.0

Deep threat modeling workflow—system decomposition, trust boundaries, STRIDE-style threats, mitigations, prioritization, and tracking. Use when designing new...

0· 56·0 current·0 all-time
by@mike47512
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md content. The workflow covers system decomposition, trust boundaries, STRIDE threats, mitigations, prioritization and tracking — all coherent with the stated purpose. No unrelated capabilities (cloud creds, CI tokens, etc.) are requested.
Instruction Scope
SKILL.md is a guidance document for running threat-model workshops and producing artifacts. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect secrets. Prompts and outputs are limited to threat-modeling artifacts and facilitation.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk writes and reduces supply-chain risk.
Credentials
No required environment variables, credentials, or config paths are declared. The guidance discusses assets and sensitive data conceptually but does not request or demand secrets or unrelated credentials.
Persistence & Privilege
always is false and model invocation is permitted (default). The skill does not request persistent presence or to modify other skills or system-wide settings.
Assessment
This skill is a high-level facilitator for threat-modeling workshops and is internally consistent with that purpose. Because it is instruction-only (no installs or required secrets), it has a low technical footprint. Before using it: avoid pasting real secrets (API keys, private keys, or PII) into the chat or outputs; confirm any artifacts the agent generates are stored according to your team policy; and prefer explicit, on-demand invocation rather than long-running or automated runs if you want tighter control over what project information the agent can access. If you need the agent to integrate with ticketing or issue trackers, review those integration steps separately for required credentials and scope.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cnvksdbqj6xjn06a3p2pesn83pr04

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments