ClawHub

Threat Modeling Expert

v1.0.1

Threat modeling with STRIDE, PASTA, and attack trees. Analyze architectures for security gaps, extract security requirements, build data flow diagrams, and p...

0· 151·1 current·1 all-time
bySolomon Neas@solomonneas
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: it provides high-level threat modeling methods (STRIDE, PASTA, attack trees) and related activities. There are no unrelated requirements (no binaries, env vars, or installs) that conflict with the stated purpose.
Instruction Scope
SKILL.md contains high-level, appropriate steps for threat modeling (define scope, DFDs, apply STRIDE, build attack trees, score threats, design mitigations). Instructions do not direct the agent to read system files, environment variables, or external endpoints, nor do they request collecting unrelated data.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or fetched during install.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for a guidance/analysis skill.
Persistence & Privilege
always is false and the skill does not request persistent system presence or elevated privileges. Autonomous invocation is allowed (platform default) but not itself a concern here.
Assessment
This skill is coherent and appears safe to install: it only provides high-level threat-modeling guidance and does not request credentials or install software. However, do not paste sensitive production secrets, credentials, or private keys into the model's prompts or threat models. Ensure you have authorization to share any architecture diagrams or data you submit, and treat outputs as advisory (not a replacement for hands-on security review or compliance certification).

Like a lobster shell, security has layers — review code before you run it.

latestvk97cfk1kef1tcjzs69ka9chqn583882k
151downloads
0stars
2versions
Updated 4w ago
v1.0.1
MIT-0
Solomon Neas@solomonneas
latest
Download

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

  • STRIDE threat analysis
  • Attack tree construction
  • Data flow diagram analysis
  • Security requirement extraction
  • Risk prioritization and scoring
  • Mitigation strategy design
  • Security control mapping

Use this skill when

  • Designing new systems or features
  • Reviewing architecture for security gaps
  • Preparing for security audits
  • Identifying attack vectors
  • Prioritizing security investments
  • Creating security documentation
  • Training teams on security thinking

Do not use this skill when

  • You lack scope or authorization for security review
  • You need legal or compliance certification
  • You only need automated scanning without human review

Instructions

  1. Define system scope and trust boundaries
  2. Create data flow diagrams
  3. Identify assets and entry points
  4. Apply STRIDE to each component
  5. Build attack trees for critical paths
  6. Score and prioritize threats
  7. Design mitigations
  8. Document residual risks

Safety

  • Avoid storing sensitive details in threat models without access controls.
  • Keep threat models updated after architecture changes.

Best Practices

  • Involve developers in threat modeling sessions
  • Focus on data flows, not just components
  • Consider insider threats
  • Update threat models with architecture changes
  • Link threats to security requirements
  • Track mitigations to implementation
  • Review regularly, not just at design time

Comments

Loading comments...