ClawHub

S³ Threat Modeling

v1.0.0

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement ext...

0· 98·0 current·0 all-time
bySolomon Neas@solomonneas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (threat modeling, STRIDE, PASTA, attack trees) match the SKILL.md steps and capabilities. The skill does not request unrelated binaries, credentials, or config paths. Minor provenance note: source/homepage are missing, so author identity is unknown but this does not make the content incoherent.
Instruction Scope
SKILL.md contains high-level, well-scoped threat-modeling steps (define scope, DFDs, STRIDE, attack trees, score/prioritize, mitigations). It does not instruct the agent to read system files, environment variables, or send data to external endpoints. It naturally expects the user to provide architecture info, which is appropriate for its purpose.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk model — nothing will be written to disk or auto-installed by the skill.
Credentials
No environment variables, credentials, or config paths are required. The absence of secrets is proportionate to an advisory/expert skill.
Persistence & Privilege
always is false and the skill is user-invocable. It can be invoked autonomously (platform default) but it does not request elevated or persistent privileges or attempt to modify other skills or system settings.
Assessment
This skill is coherent and low-risk: it only provides guidance for threat modeling and asks users to supply architecture/context. Before using it, don't paste secrets, private keys, or full production configs—redact sensitive details. Verify you have authorization to share any internal architecture. Because the skill's publisher and homepage are not provided, prefer using it for general guidance or in non-sensitive reviews until you can confirm provenance or use an internal security reviewer for critical systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cy3rp376vyjqbz6ycah2wqn83644wpastavk97cy3rp376vyjqbz6ycah2wqn83644wsecurity-architecturevk97cy3rp376vyjqbz6ycah2wqn83644wstridevk97cy3rp376vyjqbz6ycah2wqn83644wthreat-modelingvk97cy3rp376vyjqbz6ycah2wqn83644w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments